HTTPS For All Secure Sites

Google is Requiring HTTPS For All Secure Sites on Chrome


If your site collects data like names, emails, phone numbers, or credit card information, you’ve probably already put a good deal of thought into security. But if you haven’t taken the steps to protect your visitors and your site with an SSL certificate and migrated your site to HTTPS, that data may not be as safe as it could be - and Google is taking action.

By the end of January, sites not marked with HTTPS will be deemed insecure by Google. This brings serious implications for business sites on Chrome whose sites are not yet secured, and Firefox and other browsers are sure to follow suit. Site administrators should seriously consider gaining an SSL certificate before the change creates issues for their sites.

What Exactly Is HTTPS?

Just as HTTP (Hypertext Transfer Protocol) is a language passed between a client and a web server, HTTPS (Hypertext Transfer Protocol Secure) offers the same capabilities but with a secure connection. This keeps third parties from being able to observe and intercept data passing between your computer and the site you’re on.

For those sites that collect personal information, this extra layer of protection can be critical to the security of your customers’ data. HTTPS encrypts data using an SSL/TSL (Secure Sockets Layer and Transport Layer Security) protocol, which limits the ability for prying eyes to obtain or even understand the data as it is passed along. Only the receiving website can decrypt the data; standard HTTP, on the other hand, offers no such protection.

This is a big part of the reason Google has come down firm on the side of HTTPS, effectively labeling all HTTP sites as unsafe - a decision they’ve been tossing around for years. But today’s users now shop online more than ever, and they’ve come to expect a safe secure connection with each transaction. That’s why Google has decided it’s time for shoppers to get what they want.

So What Will Happen To My HTTP Site?

Up until now, Google has only taken the effort to label sites as “Secure” - you might’ve noticed a small, labelled lock icon next to a URL containing the HTTPS marking. Typically, HTTP sites were simply displayed neutrally, without any indication one way or the other. This is about to change, and starting at the end of January with the release of Chrome update Chrome 56, Google will being labelling all HTTP sites that collect credit card information or passwords as “Not Secure,” part of a long-term plan to mark all HTTP sites as non-secure in the months to come.

According to one study cited by Google, users “do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently.” That’s why Google plans to roll out this change in gradual, but increasingly stringent, steps.

Is That The Only Reason Google Decide To Make The Switch?

If we had to venture a guess, we’d say privacy and user security is a major concern for Google - a parallel, it seems, to their concern over dominance as the go-to online marketplace. More and more avenues have popped up for users to search for - and even purchase - their desired products online, including Facebook-based platforms like Marketplace and Shopify.

Users tend to engage with Facebook with a higher degree of assumed trust - thanks, in part, to features like the Security Checkup, which allow users to set their unique privacy level in ways Google typically does not offer quite as readily. The implicit trust this helps build on Facebook simply doesn’t exist as strongly with Google users, and so in an effort to remain competitive in online sales Google has transitioned from rewarding HTTPS sites with higher search rankings to these new punitive measures for those sites that remain unprotected.

Ok, So When - And How - Should I Switch Over To HTTPS?

HTTPS is already a good idea for your site, and has been for quite some time. It’s more secure, offers a better user experience for your customers, works in favor of your search rankings on Google, and reduces the risk of a potentially embarrassing incident of data theft from your online store.

Plus, according to Google, HTTPS is “easier and cheaper than ever before," and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Most of the leading sites on the web are already on HTTPS, and the most commonly used browser is undeniably Chrome - so it’s always good practice to keep up to date with industry leaders and the behavior of your audience.

The actual process of switching your site over to HTTPS involves several technical actions, including generating a CSR on the server hosting your website, obtaining an SSL Certificate from a Certificate Authority (CA), and adding your new SSL Certificate correctly to your server. You’ll also have to make sure all HTML generated by your website includes only secure links.

If you’re not sure where to start in the process of certifying your site as secure or how to move forward from here, our expert developers here at Altos can help get your HTTPS site secure, up, and running. Drop us a line or send us an email and let’s start working to get your site ready for the changes coming up in the next few weeks.