Estimated Read Time: 3 Minutes

New “Not Secure” Warning

If you own a website that has not yet been converted over to HTTPS, Google has an unpleasant surprise coming for you in October.

Starting October 2017, Chrome (version 62) will show a “Not secure” warning when users enter text in a form on an HTTP page or when they view any non-HTTPS page in Incognito mode. The alert will appear to the left of Chrome’s address bar, as shown below.

Google's not secure warning that appears on non-https pages

Up until now, the “Not secure” warning only appeared on non-HTTPS website pages that accepted a username and password or credit card. Now every non-HTTPS form and all non-HTTPS pages viewed in incognito mode will have this warning.

Google has been pushing for a more secure Internet for some time now. This warning ramp up is their latest way of nudging website owners into the fully converted camp.

What Is HTTPS?

HTTP stands for HyperText Transfer Protocol. It is the communications protocol that allows networked devices to talk to one another. HTTP defines how network messages should be formatted, sent and interpreted and every addressable piece of content on the Internet uses HTTP.

HTTPS stands for HyperText Transfer Protocol Secure. Communications between two interconnected HTTPS devices is encrypted and therefore much harder for third parties to interpret, alter, and/or delete.

How Can You Tell If Your Site Has Been Converted?

There are several ways you can tell if your website has been converted over to HTTPS.

The easiest is to ask your website developer. He or she can tell you whether the site has been completely converted over to HTTPS.

A second option is to register your website with Google Search Console (previously Google Webmaster Tools). It is a free Google web service that offers many benefits, including the ability to receive notifications from Google. In August, Google started notifying registered website owners with non-HTTPS content if they were going to be impacted. Here’s an example notification.

sample google search console warning

A third option is to open a browser and view your website. Look at the address bar in the top left-hand corner. Do you see a green padlock and the word “Secure” like shown below? If yes, this page of your website has been successfully converted to HTTPS.

The secure label that will appear on HTTPS pages

If you see something like below (no green padlock and the words “Not secure” in grey), your content is still HTTP (or partially HTTP) and the grey “Not secure” wording will soon turn red.

not converted label shown in google address bar

The downside of this approach is that you have to view every page on your website, one by one before you can be sure they’ve all been converted successfully. It is not at all uncommon to see partially converted content and websites, some files HTTP, others HTTPS.

There are other tools (like Jitbit and Screaming Frog) which you can use to scan your website and highlight pages that have not yet been converted. The problem is not every file / URL needs to be converted. For example, if your site is linking out to an external resource, that file does not have to be HTTPS in order for your page to display green. Unless you are intimate with the technical details of your website, it is probably best to ask your website developer or to register your website with Google Search Console.

What Does All This Mean For Website Owners?

It means if you have not converted your website over to HTTPS, starting in October 2017 incognito visitors are going to receive a warning every time they visit your website. GlobalWebIndex estimates that 46% of international website users use private (incognito) windows for browsing. So expect roughly half your audience will see the warning.

Non-incognito visitors will receive a warning only if they interact with one of your forms. If you use a non-HTTPS order, contact us, subscribe, unsubscribe, download, and/or any other type of form on your website, expect visitors will soon see this warning.

You Are Not Alone

Moz, an SEO tools provider, recently reported that roughly half of page 1 Google search results are HTTPS. That means you are not alone if your website has not yet been converted. It also means website visitors have lots of other options when they’re searching and you’re going to remain at a disadvantage until you do.

Which camp are you in? What’s holding you back?