3 min read

Google’s Chrome web browser is the most popular web browser on earth by a healthy margin–with nearly 60% market share.

So when Chrome announces that they’ll be treating certain websites differently than others, it makes news and is worth the attention of business owners.

On February 8th, Emily

This is an important announcement, but not an entirely unexpected one.  Google has been pushing website developers and owners to use encryption and security technology for years.

What makes the new announcement newsworthy is that instead of simply placing a fairly innocuous ‘i’ information icon on HTTP websites as Chrome version 64 currently does, Chrome 68 will place the words ‘Not Secure’ next to that icon directly in the address bar.

HTTP Page Chrome

Previously, Chrome had only used the ‘Not secure’ label when users were attempting to enter information in data fields on HTTP sites.  Now the warning will be there by default for all HTTP sites.

Seeing a clear ‘Not secure’ message displayed prominent in the browser will obviously lead many users not to visit a site and certainly will give pause to many users before making a purchase or sharing information on a site.

And, of course, this is Google’s explicit goal:  they have stated for a long time that they don’t want insecure traffic on the web.  In recent years, Google has announced that having an HTTP site would be a negative ranking factor in Google’s search rankings.  A healthy, safe web is a core business objective for Google, which in many ways is almost synonymous with the web.

Google almost certainly has compelling data about how dramatically this will affect traffic to insecure websites and has waited to roll this out because it’s a pretty draconian step. According to Emily’s post, they felt now was the time to make this change because they’ve seen such positive adoption rates of SSL across the web:

Developers have been transitioning their sites to HTTPS and making the web safer for everyone. Progress last year was incredible, and it’s continued since then:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

If your website doesn’t have an SSL certificate, now is definitely the time to get one.  Once it’s installed, web surfers will see a confidence-boosting, welcoming green lock icon similar to the one below.

chrome secure https icon









What Is HTTPS and How Do We Get It for Our Website?

HTTP is the acronym for Hypertext Transfer Protocol.  It’s the technical specifications used by a web browser to interact with a website’s server.

HTTPS is a secure version of the protocol that encrypts the data that is moving between your web browser and the website’s server.

This encryption provides three main security benefits.

First, no third party can ‘listen in’ and read the information traveling between your browser and the website.

Second, the data moving between your browser and website can’t be changed by a third party without triggering a notification.

Third, it authenticates that you’re actually interacting with the site you think you’re visiting (which prevents so-called ‘man-in-the-middle’ attacks).

In order to get HTTPS status for your website, you must have a valid SSL certificate installed in your website’s hosting environment.  SSL is a form of public key encryption. Therefore, an SSL certificate is only as trustworthy as the company that issues it.

The companies that issue SSL certificates are known as Certificate Authorities (CAs).  There are a few major players, including GoDaddy, Comodo and Symantec. (Although you should be aware that Chrome has repeatedly issued warnings about the trustworthiness of Symantec (formerly VeriSign) certificates.)  Your website hosting company can provide directions on purchasing and installing an SSL certificate.

You should also consider the free certificates offered by the non-profit Let’s Encrypt.

After you’ve installed SSL on your website, make sure you address any resulting mixed content issues.