Beginning on July 24th 2018, Google Chrome started labeling unencrypted HTTP websites as “Not Secure”. This comes after a 6 month warning to webmasters to change from HTTP to HTTPS – with implications both for customer trust, and on-site SEO.
The new Google chrome 68 update will display the words “Not Secure” on the left of the address bar of a HTTP website, where it would have previously just shown an “i”.
This is a big move by Google to try to make the web a safer place by forcing the hand of webmasters; a ‘Not Secure’ tag may negatively impact important metrics such as bounce rates, and even conversion rates, as the average web user becomes fully aware that a site is not secure.
This could especially affect how the user views unencrypted websites of lesser known brands, who don’t already carry a weight of of trustworthiness.
The explosion of the recent data breaching fiasco in the mainstream media may also play on users’ minds when they contemplate engaging with a non-https site.
Chrome security product manager Emily Schechter said: “Encryption is something that web users should expect by default.”
What is HTTPS?
Hyper Text Transfer Protocol Secure (HTTPS) is considered to be the secure form of HTTP. The “S” stands for secure.
Data gets delivered between your web browser and the website you are connected to and HTTPS makes sure this data is encrypted.
Why is HTTPS important?
The issue with standard HTTP is that it isn’t encrypted, meaning any data passed is insecure and could potentially be hijacked by a third party.
For e-commerce sites such as Asos.com, HTTPS is an essential security feature to protect sensitive card payment details.
Even non-ecommerce sites, such as sites with customer logins, should also have HTTPS.
As well as securing your site and adding an element of trust, HTTPS has also been confirmed as one of the many SEO ranking factors, way back in 2014. This highlights just how important Google treats HTTPS, as the search engine giant rarely discusses ranking factors.
Which major sites are affected?
Why no HTTPS? lists the major sites which are yet to move to HTTPS and are now consequently as listed ‘Not Secure’.
Some of the culprits at the time of writing include:
- Argos.co.uk
- Next.co.uk
- Topshop.com
- Three.co.uk
- Williamhill.co.uk
What did the people say?
I conducted a small online poll asking who would still be prepared to share sensitive data with a “Not Secure” site.
Here are the findings:
85% of people voted “no” to sharing sensitive information with ‘Not-secure’ sites, which reaffirms how important security is to users.
How you can secure your website with HTTPS
For new websites, an SSL certificate, is usually an option when signing up to a web hosting service. Most of the time this will be in the form of a free yearly add-on, depending on your package.
For existing sites, Cloudflare offers benefits both as a CDN (content-delivery-network) and also by providing a free SSL Certificate.
Let’s Encrypt is another popular method for obtaining a free SSL certificate, however it will require some technical nous to implement.
Be warned, though; enabling migration to HTTPS can be a complex process.
For advice on how to secure your site and migrate to HTTPS, get in touch with our SEO team.
