This change is the second phase of Google’s ultimate goal to mark all HTTP sites as non-secure and encourage website owners to move to HTTPS. Phase one, which included marking HTTP sites collecting password and/or credit card information as not secure, was implemented in January with Chrome 56. However, Google feels that “passwords and credit cards are not the only types of data that should be private.”
In addition to marking HTTP pages as not secure when a user enters data in a form, all HTTP pages will be marked as such when a user visits in Incognito mode. When using this type of private browsing, Google believes users “likely have increased expectations of privacy” and therefore should be notified of sites they are viewing that don’t have an SSL certificate in place.
While using an SSL is considered standard for websites taking credit cards, many site owners who aren’t processing transactions have reservations about switching to HTTPS. In this talk from the 2016 Progressive Web App Summit, Product Manager for Chrome Security, Emily Schechter, debunks these common myths, including that SSL certificates are costly and switching from HTTP to HTTPS will negatively affect your search engine rankings.
If cost is a concern, Google suggests two cost-effective places to obtain an SSL certificate: SSLMate, which offers a standard certificate for one hostname at $15.95/year, and Let’s Encrypt, a project that provides free certificates for the public’s benefit.
For site owners worried about search engine rankings, it’s true that changing to HTTPS may initially lower a site’s rankings, due to the fact that having two versions of a site is a negative ranking signal. However, by following best practices for site moves, rankings should recover quickly and may even see a small boost, as HTTPS is a positive ranking signal in Google.
As with everything Google does, these changes are a part of their effort to continually improve on the user experience. Because users today expect a high level of privacy when browsing the web, it makes sense to push site owners towards the use of an SSL certificate. Overall, switching from HTTP to HTTPS should not have any detrimental effects on a website, and ultimately visitors will feel safer providing personal information.
If you need help securing your website, or have questions about moving to HTTPS, fill out our Get Started form or give us a call at 501-537-2246.