Skip to main content
Website Design

Will your site be flagged as not secure?

Google Chrome will soon be marking more sites with the dreaded “Not Secure” flag. Rolling out through October 2017, Google Chrome will start to flag sites that collect user information if the site is not protected with an SSL Certificate. Chrome indicates connection security with an icon in the address bar, visually altering users that the site is “NOT SECURE.”

Google Chrome marks HTTP pages Not Secure

When most users see this (or any) security warning, they leave the site upon the assumption that “something is wrong.” Consequently, sites that fail to meet the new Chrome standards will quickly experience a drop in site traffic. Google Chrome, composing 59.61% of browser share, will stop using their site.

Beginning in January 2017 (Chrome 56), Chrome started to mark HTTP pages that collect passwords or credit card information as non-secure as part of a long-term plan to mark all HTTP sites as non-secure. After version 55, using Google Chrome browser in “incognito” mode resulted in a security warning for every site visited that wasn’t protected with an SSL Certificate.

Any site that collects user information, whether in incognito mode or not, was also labeled as “Not Secure.” Starting in October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in incognito mode.

What Should I Do?

To resolve the “NOT SECURE” issue, an SSL Certificate could be installed and your website reconfigured to serve over the HTTPS protocol. An SSL Certificate will encrypt your visitor’s sensitive data. It will also display your site with “HTTPS” in the address bar, letting visitors know that you’ve made their security a top priority. HTTPS is also considered by Google as a ranking signal, which is an added bonus.

To configure Chrome to show the warning as it will appear in October 2017, take the following steps. Open chrome://flags/#mark-non-secure-as and set the Mark non-secure origins as non-secure option to Display a verbose state when password or credit card fields are detected on an HTTP page. Then, relaunch your browser.

To learn more about adding SSL to your site, contact your digital marketing agency or hosting provider.