Google has repeatedly talked about the importance of HTTPS as opposed to HTTP over the last year and discussed flagging non-HTTPS pages with warnings to users on its Chrome browser. Now, it appears to be in its final implementation. Non-HTTPS pages are displaying warnings in a variety of industries.
A Reminder: What’s the Difference Between HTTP and HTTPS?
HTTP stands for HyperText Transfer Protocol; HTTPS means HyperText Transfer Protocol Secure. Both are protocols/languages for passing information between servers and clients. As the names imply, HTTPS is secure; HTTP is not. Without the security, it is possible third parties can view the conversation between the site and the user.
HTTPS connections are secured through SSL/TSL protocol, which respectively stand for Secure Sockets Layer and Transport Layer Security. The two are able to encrypt data protects the integrity of data by preventing corruption in its transfer. This certificate ensures communication with only the intended website.
Why is HTTPS Important?
HTTPS is quickly becoming the web standard, and Google has been making efforts to further accelerate this transition. Using HTTPS allows you to protect both your website and its visitors. Further, lacking HTTPS exposes sensitive user information to hackers who may be able to eavesdrop on the conversation between user and website.
Why is Google stepping in to move this process along? Because they’ve always been driven to improve its applications with the user in mind. Increasingly, with the countless number of digital security breaches, users expect private and secure online experiences. Google’s influencing power through SEO penalties, and now Chrome penalties, ensure they get it.
Additionally, HTTPS sites load significantly faster, which keeps users on your page and further boosts your SEO ranking. Unsecure sites run 334% slower than their secure counterparts, so the slowdown can be significant.
Previous Discussion of Non-HTTPS Warnings
Non-HTTPS warnings are not an unfamiliar topic for those keeping up with SEO news. It’s been discussed since September 2016. According to a Google Developers blog in October 2016, Chrome was set to start flagging non-secure (HTTP) pages containing passwords, credit card, and other personal information as Not Secure in the URL bar. And even prior to the warning in the URL bar, Google began favoring HTTPS sites over non-HTTPS sites in search rankings as far back as 2014.
The URL bar indicator is somewhat subtle, offering “Secure” and “Not Secure” labels with brief explanations as to why when you hover the mouse over the label. Because Google doesn’t see this as an effective enough warning, they planned to create a more visible warning, expected to start displaying on the page itself, beginning at the end of January.
This warning will be a loud and clear one from Google to users – your information is vulnerable on this website and you should not enter it here. It gives users power more than ever to make an informed decision about their online security.
Further, Incognito mode will take the additional step of flagging all non-HTTPS sites, regardless of whether or not sensitive information is exchanged.
In part because of Google’s cracking down on non-HTTPS sites, more than 50% of desktop loads are HTTPS. Google keeps track of major websites who do and don’t use HTTPS in its transparency reports. Facebook, Amazon, Twitter, and Wikipedia all use HTTPS. Big sites eBay and Microsoft, however, do not.
Recent Discussion of Implementing HTTPS Warnings
Forbes recently published an article in August staying a major rollout of the non-HTTPS warnings is expected to take place in October. It debates whether or not it’s a necessary step, arguing that interacting with a website can be as simple as searching in the search bar. It believes because of Google’s major influence on the internet as a whole will act to further push web developers to make some changes. They predict that with enough influence from Google and user complaints, it’ll become priority for a number of websites.
How to Set HTTPS Up
Although as of this moment, Google is primarily focusing on non-HTTPS pages containing sensitive information, eventually all HTTP pages will be marked, so make the switch before it starts having an impact on your websites.
Your first step in enabling HTTPS on your website is to obtain an SSL Certificate from a Certificate Authority or CA. The certificate: (1) enables your site to encrypt non-corruptible data when communicating with users and (2) also acts as a symbol stating your website is both legitimate and secure from the trusted party (the CA).
There’s a little more work to do after you obtain your SSL Certificate. To make the migration, you must:
- Approve the certificate
- Do a full backup of your site
- Change all internal links
- Check code libraries
- Update all external links possible
- Create a 301 redirect
Also, don’t forget to update URLs in the following areas: Google (Search Console Analytics), AdWords, any other paid ads, social profiles, and top citations.
Not Making the Switch to HTTPS Hurts Both Your Users and Your Website
It’s critical that web developers take notice to the reprise in discussion of non-HTTPS warnings. You threaten the security of your users when you don’t use HTTPS. Further, you risk tanking your SEO, scaring away customers with Google Chrome warnings, and a slower site if you continue to ignore this issue. With the excessive number of public cybersecurity scandals, why wouldn’t you want to take the extra step to keep both your customers and your business safe?