Google has announced a deadline of July 2018 as the date when Chrome will begin explicitly warning users if a site is insecure.
More than 50 percent of Internet browsers worldwide are Chrome, meaning this change may have a significant impact on web publishers.
A prominent warning may affect how secure users feel and may cause some visitors to leave a site, which will negatively impact a site’s bounce rate, advertising impressions, affiliate clicks, and e-commerce sales.
How Will Chrome Warn Users of Insecure Pages?
A prominent warning will be shown in Chrome’s address bar (also known as the Omnibox), indicating that an insecure website is “Not secure.” This warning will show for all HTTP websites.
Google’s announcement was firm about their goal to warn users of insecure sites, with the intent of further shepherding more web publishers into upgrading to HTTPS.
“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default.”
Will Chrome Display a Warning on Mixed Content Pages?
Google’s announcement did not explicitly address whether mixed secure/insecure webpages will trigger the warning. However, it may be safe to assume that these kinds of pages displaying a mix of secure and insecure content will trigger a warning.
According to Google, Chrome’s Lighthouse web page auditing tool can identify which web page elements are triggering a mixed content warning:
“Mixed content audits are now available to help developers migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages. The new audit in Lighthouse helps developers find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.”
Worldwide Impact of Chrome HTTPS Security Warning
The impact will be felt more keenly in some countries than in others. But even in countries where the use of Chrome is low, this still represents 39 percent of Internet browsers.
The need to update to HTTPS is especially important in regions such as South America, where Chrome use is as high as 74.04 percent, and Israel, where 66.77 percent of Internet traffic is on Chrome.
The following is a partial listing of 12 countries, indicating how severely this will impact users worldwide. Chrome use in:
Should You Upgrade to HTTPS?
Google’s Lighthouse Developer Recommendations page recommends Let’s Encrypt as a low-cost alternative for those who run their own servers. Most web hosting providers already provide free HTTPS certificates as well as low-cost certificates. The monetary cost for upgrading should no longer be an excuse for waiting.
Perhaps the most valid reason for waiting is technical issues.
Among the considerations for upgrading to HTTPS are the mixed content issues, where a secure webpage links to a webpage asset such as JavaScript or CSS using an insecure URL. These are issues that a site publisher needs to consider against possibly losing traffic and revenue.
For those who have been sitting on the fence, there is now a date set: July 2018.
Nevertheless, the clear answer is that all web publishers should at least consider upgrading to HTTPS. This is no longer a consideration limited to e-commerce sites.
The warnings may cause site visitors to begin negatively reacting to warnings on sites that have not upgraded, which may affect advertising impressions, lead generation, sales, and so on.
July 2018 is the deadline for when prominent warnings will begin to show to Chrome users. The clock is ticking.
Images by Shutterstock, modified by author
Screenshot by author