Google Chrome to Mark All Non-SSL Sites as “Not Secure” in June 2018

Mar 23, 2018 Tim Callan Alerts & Notices

Google recently announced that the Chrome 68 release, scheduled for June 2018, will mark all sites not protected by SSL as “Not secure.”  According to Google any HTTP page will be treated as shown.

Chrome calls non-SSL pages "Not secured"

This development matters greatly to just about every commercial web site in production for several reasons:

  • Research consistently shows that trust indicators affect visitors' likelihood to complete online transactions or share potentially sensitive information.  Positive indicators (like the Norton Secured Seal) increase transactions and negative indicators like this one decrease them.
  • Even if traffic doesn't drive direct financial benefit (such as it does for an online retail site or lead generation page), companies publish web pages to make information available to a target audience.  Asking your clients, shareholders, employees, and other constituents to navigate past a warning that says "Not secure" to access your information is a losing proposition.  What will happen in reality is these audiences simply won't consume your content.
  • The brand damage is considerable.  The world's most popular browser will begin telling more than 50% of the people navigating to your web site that it is not secure.  How will that affect their perception of your brand?  In what other ways will they question the security of your site and your business?

This step is the latest in a progression Google has been taking to push sites toward HTTPS over unencrypted HTTP.  In 2017 Google began marking HTTP sites as insecure in a variety of circumstances, and for years it has given greater SEO value to SSL-secured sites.

So between now and June, make sure all commercial web pages are covered by SSL.  Otherwise you may see a business hit.