Digital Publishing Top Stories

Publishers take note: Google will mark all HTTP sites “not secure” starting July

For publishers, getting quality traffic to their online properties is itself quite a big challenge, especially in the current environment of turmoil in the digital landscape. Next month onwards, things might get even more difficult for some.

If a website doesn’t start with https:// (i.e., with a reputable Secure Sockets Layer, or SSL certificate), Google’s new Chrome browser update will start showing a warning message to visitors, informing them that the site they’ve visited is not secure. Consequently, this will affect the site’s trustworthiness and may drive some visitors away.

Earlier this year, Google announced that “For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.”

This is not a new initiative. For years, Google has been calling for “HTTPS everywhere” on the web.

Right now Google’s Chrome browser is in Version 67. In Chrome 68—effective July—the omnibox will display “Not secure” for all HTTP pages, like in the example below.

Eventually, Google will change the icon beside the “Not secure” label and highlight the text in red to further emphasize that user should not trust HTTP sites. Once this happens, publishers who are late in adopting the more secure HTTPS option will quite possibly see their audience count go south.

What is HTTPS?

HTTPS stands for ‘Hyper Text Transfer Protocol Secure,’ whereas HTTP stands for ‘HyperText Transfer Protocol.’ The difference, quite obviously, is about security.

HTTPS establishes an encrypted connection between a web browser and a server so that no malicious third party can eavesdrop and/or tamper with the data transmitted through the connection.

Simply speaking, when the transfer of sensitive details such as credit card details and passwords is concerned, HTTPS is of paramount importance. HTTPS encryption protects the channel between the browser and the website the user is visiting, ensuring no one in the middle can tamper with the traffic or spy on what the user is doing.

With HTTPS enabled, visitors get a constant, secure connection on every page of a publisher’s website. They can also see a green, closed padlock icon next to the website address in the browser, showing that their information is safe. This allows visitors to navigate the website and submit information through a secure connection.

What’s next?

According to Emily Schechter, Chrome Security Product Manager, “Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP.”

HTTPS has also become quite easy to implement via automated services like Let’s Encrypt, giving publishers even less of an excuse not to adopt it. Google has also suggested its own Lighthouse tool, which includes options for migrating a website to HTTPS.

The best part about having HTTPS implemented? It can help a websites load faster, and actually help more visitors find your site. Google earlier announced that SSL-secured websites would potentially enjoy a rankings boost in their search results.

So with security benefits of privacy, data integrity, and protection against impersonation, plus with enhanced speed and rankings boost, the decision to implement HTTPS is basically a no-brainer for publishers still on the fence.

Related posts