Latest Google Chrome Browser Makes HTTPS the Expectation

HTTPS logoWebpages encrypted via HTTPS are now the expectation and not just a strong recommendation.

With the release of version 68 on Tuesday, July 24, 2018, the Google Chrome web browser began showing users prominent warnings for unencrypted web pages – pages that use Hypertext Transfer Protocol (HTTP) instead of Hypertext Transfer Protocol Secure (HTTPS).

HTTP allows a web browser to communicate with a web server and retrieve the requested page (the link clicked or URL entered). HTTPS is the encrypted version of HTTP and helps ensure that visitor activity stays private regardless of whether the data itself is sensitive.

Google, Mozilla, and technology leaders large and small have urged website owners for years to have websites encrypt all traffic by default. This includes Google making HTTPS and Always-On Encryption a ranking factor beginning in 2014.

The Google Chrome update is strongest notice yet for website owners to enact Always-On Encryption via HTTPS.

How Concerned Should You Be As A Website Owner?

If HTTP isn’t obsolete, it is becoming obsolete, and website owners need to enact Always-On Encryption via HTTPS as soon as possible.

If your website is drawing the warning message, it is a cause for some concern, especially if it’s an ecommerce website.

The warning doesn’t mean that the website was hacked, and it doesn’t mean that visitors can’t do what they usually do on the site. It does mean that Google and others do not recognize the site as secure as it could be, and they are telling people about it.

The warning, which specifically mentions credit cards, is likely to have a chilling effect on buyers entering payment information: Without Always-On Encryption, some buyers will be spooked by the warning and won’t buy.

HTTPS encryption is also a ranking factor for Google giving HTTP sites a disadvantage in Google searches. While HTTPS is said to be a small ranking factor, the new warnings in Chrome 68 point toward HTTPS becoming a greater and greater factor.

Finally, websites that don’t use Always-On Encryption will appear increasingly obsolete or behind the times, calling into question what else about the site or company is not optimal.

If HTTP isn’t obsolete, it is becoming obsolete, and website owners need to enact Always-On Encryption via HTTPS as soon as possible.

What To Do If Your Website Draws the Warning

Websites that are drawing the new HTTPS warning need to acquire a security certificate and configure their website for Always-On Encryption.

Websites that draw the new warning are websites without Always-On Encryption. In other words, they are websites that are using HTTP instead of HTTPS at least part of the time.

The first step to Always-On Encryption is to obtain a security certificate. The certificate is essentially a long, unique password that verifies the website is the website that it claims to be so that Google and others can verify that it’s safe.

A number of companies issue security certificates. Essent SiteBuilder customers who a security certificate can contact Essent for specific instructions.

The next step after obtaining the certificate is to configure the website for Always-On Encyrption – to use the HTTPS protocol at all times by default. In Essent SiteBuilder, this is accomplished through simple settings.

Why Google Prefers HTTP

HTTPS is clearly the protocol that Google prefers as it continues to compel websites to use Always-On Encryption.

The new Google Chrome warning is by far more likely to mean that the website owner needs to upgrade than it is to mean that the website visitor has been compromised.

Users have been browsing websites unencrypted – via HTTP instead of HTTPS – for decades. In fact HTTP, the original protocol for retrieving a web page from a web browser, is largely the way that billions of people have browsed web pages since the inception of the internet.

HTTP, however, leaves visitor activity, including sensitive activity like entering payment card information, potentially accessible to whoever controls the network. Many websites are already using a mix of HTTP and HTTPS, using the encrypted protocol for sensitive pages like a checkout page. Always-On Encryption via HTTPS takes added step of encrypting visitor activity whether it’s sensitive or not.

HTTPS is clearly the protocol that Google prefers as it continues to compel websites to use Always-On Encryption, and the new Google Chrome warning is the strongest step yet.