Chrome currently issues a “Not secure” browser warning for pages accepting password and/or credit card data that are not protected by HTTPS. The release of Chrome 62 due in October 2017 extends the “Not secure” warning to include any non-HTTPS page that accepts data from website visitors. In addition, these pages will also show “Not secure” when visited by users in Chrome Incognito mode to protect these users who are considered to use this mode as a security baseline.
With an anticipated release date of October 17, 2017, domain owners still have a few weeks to encrypt any sites that should be protected that might otherwise prevent users from entering their website.
Website owners and administrators need to consider the Always-On SSL concept to provide the following advantages:
- Security for all websites and pages regardless of content
- Mitigate known HTTP vulnerabilities
- Provide browser user privacy
- Support HSTS that will provide a browser error if the site is not secure
- Support HTTP/2 providing higher performance and less latency
- Improved search rankings for Google
- Higher trust indicators to assure visitors and avoid the “Not secure” browser warning
- Increase user confidence to bolster conversion rates
Google states that, “Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode.” The big word ALL should encourage all domain owners to execute on a plan to encrypt all sites with an SSL/TLS certificate to avoid disruptive user experiences.