HTTPS is no longer optional. You must have it on your website, Learn Why?

1
436

Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”.

More than half of web visitors will soon see this warning when browsing unencrypted HTTP sites, according to data from Cloudflare’s edge that shows 56.62% of desktop requests originate from Chrome. Users presented with this warning will be less likely to interact with these sites or trust their content, so it’s imperative that site operators not yet using HTTPS have a plan to do so by July.

chrome68

Mozilla: A post on the Mozilla Security Blog titled Communicating the Dangers of Non-Secure HTTP informs users that in upcoming releases, Firefox will show an in-context message when a user clicks into a username or password field on a page that doesn’t use HTTPS”. Firefox’s in-context warnings are even more prominent than those implemented by Chrome.

Google’s Emily Schecter announces that “Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”

What’s coming next? What should I expect after July 2018?

The “lock” in the address bar was always about motivating sites to migrate to HTTPS, but along the way studies showed that positive trust indicators don’t work. Google’s introduction of “Not secure” is one important step towards the ultimate goal of deprecating HTTP, but as mentioned earlier, will not be their last.

We expect Google’s assault on HTTP to continue throughout the year, culminating with an announcement that the lock will be removed entirely (and replaced by a negative indicator shown only when a site does not utilize HTTPS). Below is some additional detail on this expected next step, along with some additional predictions for the webPKI ecosystem.

OK, I understand what’s going to happen, but how can I tell now if my site is going to show a warning in July?

The simplest way to tell if your site will soon show a “Not secure” label is by viewing it in a current version of Chrome or Firefox. If you do not see a lock, your site will soon have a more ominous warning. To get a preview of this warning, you can try browsing your site with a development version of either of these browsers by following the instructions below.

Chrome:

  • Use Chrome 65 or later.
    • The easiest way to do this is to install Chrome Canary, which runs bleeding edge builds. Alternatively, you can install the dev channel alongside stable, but this can be confusing to launch as the applications look identical.
  • Browse to chrome://flags/#enable-mark-http-as.
  • Change the setting from Default to Enabled and click the RELAUNCH NOW button.
  • Browse to a site that does not use HTTPS, such as neverssl.com.

chrome-notsecure

Firefox

Firefox has not announced a date yet when this change will go into effect, but you can preview what it will look like when they do.

  • Use Firefox 59 or later.
  • Enter “about:config” in the address bar.
  • Click “I accept the risk!” to view the advanced config.
  • Search for “security.insecure_connection” and flip all false values to true.
  • Browse to a site that does not use HTTPS, such as neverssl.com.

firefox-notsecure

What can I do to avoid this warning?

Quite simply, all you need to do to avoid this warning is protect your site with HTTPS using a valid SSL certificate. Get an SSL Certificate for your website from Gen X Web Hosting.

After purchasing SSL, Click Here to know how to redirect your website from HTTP to HTTPS from our knowledgebase.