Google is preparing for phase two of their HTTP* crackdown. Starting in October, Google Chrome will label any page that takes user input nonsecure if it doesn’t use SSL** encryption. This means even a search box on your page could be the difference between a glaring red nonsecure warning and a pleasant green secure address bar.
*Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, and hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.
**SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
What Will This Change Look Like?
In January, Google began phase one of their focus on HTTPS***. They started showing a nonsecure warning in the address bar on any page that transmits sensitive information over HTTP. So, you’ve probably seen the nonsecure display versus secure.
***Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP.
With the new change, every page that requires user input needs to use HTTPS, not just pages that transmit sensitive information. This includes any forms on your site – contact forms, payment forms, etc – search bars and input fields. If a page on your site uses a form and you’re not using HTTPS, the above red “Not Secure” warning will be displayed in the address bar.
Google is taking this phase a step further for Incognito mode. If a user is browsing Incognito, every HTTP page will have a warning regardless of if it takes user input or not.
How Will The Update Affect Your Site?
Chrome is by far the most popular browser on the market, having 55% of the market share. Safari is the second most widely used browser and only has 15% of the market share. So, it’s safe to say your customers are most likely using Chrome and will be affected by this new update. The update is a tactic used to push website owners to more secure practices, but it will be at the expense of potential customers. Users can be turned off by this warning and abandon browsing if they feel unsafe.
Even if your customers do use another browser, all 3 of the remaining major browsers are showing similar warnings. Firefox even shows a warning on forms that are on HTTP pages.
HTTPS is also ranking factor and has been for awhile. In 2014, Google announced sites using HTTPS would receive a slight ranking boost. With this recent push towards HTTPS, it can be assumed that having an HTTPS site could mean even higher rankings in the future.
What Can You Do?
There are many options for obtaining an SSL certificate which will be the first step in preparing your site to change from HTTP to HTTPS. The top 4 SSL certification providers are Comodo, Symantec, GoDaddy, and GlobalSign. It’s important you don’t acquire a free SSL certificate as tempting as it may sound. Free certificates won’t provide the level of security needed, nor give you the visual cues such as the green address bar.
Another thing you will need is to choose your security level: domain, organization, wildcard or EV. In order to have the green “Secure” in your address bar, an EV certificate is required. An EV certificate is essential for ecommerce websites since it provides the highest level of security, protecting the large amount of sensitive information passed through an ecommerce site.
Here at TM, we believe updating your site to HTTPS is a vital step in protecting your customers and moving towards are more secure internet for everyone. If you need to switch your site to HTTPS, contact us. It’s important to keep your customers coming back because they trust your business to handle their sensitive information.
This update is so important we’re offering special pricing to make the switch easier.
Protect your brand’s trustworthiness.