search engine journal

Google Sets Deadline for HTTPS and Warns Publishers to Upgrade Soon

Google has announced a deadline of July 2018 as the date for when Chrome will begin explicitly warning users if a site is insecure.   Over 50% of Internet browsers worldwide are Chrome,
meaning this change may have a significant impact on web publishers. A prominent warning may affect how secure users feel and may cause some visitors to leave a site, which will negatively impacting a sites bounce rate, advertising impressions, affiliate clicks and eCommerce sales.


How Will Chrome Warn Users of Insecure Pages?

A prominent warning will be shown in Chrome’s address bar (also known as the Omnibox), indicating that an insecure website is “Not secure.” This warning will show for all http websites. Google’s announcement was firm about their goal to warn users of insecure sites, with the intent of  further shepherding more web publishers into upgrading to HTTPS.

“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by

Google’s announcement provided an example of how the “omnibox” address bar security warning will appear.

Google’s announcement provided an example of how the “omnibox” address bar security warning will appear.

Will Chrome Display a Warning on Mixed Content Pages?

Google’s announcement did not explicitly address whether mixed secure/insecure web pages will trigger the warning. But it may be safe to assume that these kinds of pages that display a mix of secure and insecure content will trigger a warning.

According to Google, Chrome’s Lighthouse web page auditing tool can identify what web page elements are triggering a mixed content warning:

“Mixed content audits are now available  to help developers migrate their sites to HTTPS in the *latest Node CLI*  version of Lighthouse, an automated tool for improving web pages. The new audit in Lighthouse helps developers find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.”

Worldwide Impact of Chrome HTTPS Security Warning

The impact will be felt more keenly in some countries than in others. But even in countries where the use of Chrome is low, this still represents 39% of Internet browsers. The need to update to HTTPS is especially important in regions such as South America, where Chrome use is as high as 74.04% and Israel, where 66.77% of Internet traffic is on Chrome.

The following is a partial listing of 12 countries, indicating how severely this will impact users worldwide:

  1. Chrome use in South America is 74.04%

  2. Chrome use in Mexico is 68.15%

  3. Chrome use in Israel is 66.77%

  4. Chrome use in Spain is 63.49

  5. Chrome use in Asia is 50.42%

  6. Chrome use in Russia is 44.84%

  7. Chrome use in Africa is 43.7%

  8. Chrome use in the USA is 42.63%

  9. Chrome use in Canada is 41.98%

  10. Chrome use in India is 41.38

  11. Chrome use in the UK is 40.75

  12. Chrome use in Australia is 39.2%

Should You Upgrade to HTTPS?

Google’s Lighthouse Developer Recommendations page recommends Let’s Encrypt as a low cost alternative for those who run their own servers. Most web hosting providers already provide free HTTPS certificates as well as low cost certificates. The monetary cost for upgrading should no longer be an excuse for waiting.

Perhaps the most valid reason for waiting are technical issues.  Among the considerations for upgrading to HTTPS are the mixed content issues, where a secure web page links to a web page asset such as JavaScript or CSS using an insecure URL. These are issues that a site publisher needs to consider against possibly losing traffic and revenue. For those who have been sitting on the fence, there is now a date set, July 2018.

Nevertheless, the clear answer is that all web publishers should at least consider upgrading to HTTPS. This is no longer a consideration limited to eCommerce sites. The warnings may cause site visitors to begin negatively reacting to warnings on sites that have not upgraded, which may affect advertising impressions, lead generation, sales and so on.  July 2018 is the deadline for when prominent warnings will begin to show to Chrome users. The clock is ticking.

Images by Shutterstock, modified by author

Screenshot by author

Source: Search Engine Journal