Chrome Reminds Us to Be Secure or They Will Let Everyone Know Your Site is 'Not Secure'
Last Updated -
Starting in July Chrome started agressively warning users if a site is not using HTTPS. Chrome started visually indicating any web site served via HTTP as insecure.
This is one of the final stages of their plan to increase consumer awareness of insecure sites.
Google and other major companies and organization like Microsoft and Mozilla have been preaching to web developers and online marketers to adopt HTTPS as the default means to serve web content.
Chrome Not Safe Indicator
In July, Chrome 68 was released, which changed the address bar's security indicator from a simple icon to an icon and message. The message will clearly state 'Not Secure'.
To the average consumer this will give them caution to trust your site. I think at first many will notice the difference, but over time they may ignore the warning. But hopefully more sites are served using HTTPS than not and this won't be an issue.
There are many reasons why you should upgrade to HTTPS, low cost is just one. But more importantly your site will rank better in search engines and you will have access to modern APIs that enable better user experiences.
No More HTTPS Objections
Despite objections by many there is really no reason you should avoid using HTTPS for your web site. One of the primary objections has been cost.
In the past annual certificates cost from $50-400. In recent years TLS certificate fees have dropped at the technology has become a commodity. Today services likeLet's Encrypt and Amazon's AWS certificate manager provide free certificates.
Wordpress also upgraded all of their sites a couple of years ago, making HTTPS the default, not an option for millions of web sites.
HTTPS Advantages
The primary APIs I love are HTTP/2 and service workers. HTTP/2 is a new version of HTTP that corrects many of the short commings of HTTP/1.1 that cause load slower. HTTP/2 allows us to deprecate many performance hacks we invented to imrpove load performance, like domain sharding and bundling CSS and JavaScript files.
Other modern browser features are gated behind HTTPS. This includes Geo-Location (previously ungated), Web Payments API, mediaCapture and the pending BlueTooth API are just a few examples.
If you need further proof not using HTTPS is a mistake you should look at traffic patterns. Chrome reports 68% of Android and Windows traffic is secure and a whopping 78% on MAC and ChromeOS! On top of that 81% of the top 100 sites use HTTPS.
There is more to using HTTPS than just installing a certificate. You will also need to modify any full links to URLS on your site. This may mean more than just changing references to other pages, stylesheets and scripts. You may need to go back and modify all image references.
You will also need to make sure you change any third party resrouces to use HTTPS or you may trigger anunauthenticate script error.
Summary
Love2Dev is 100% behind the pending update to Chrome. We believe the web should be secure by default.
Chrome is not alone.
Other browsers are implementing similar policies about HTTPS. The failure to use HTTPS is a deliberate choice to run off potential customers.
It is important that you update now and don't wait. Once you install a certificate you will need to update your site to use secure protocol references both internally and externally.
