
We’re excited to hear your project.
Let’s collaborate!
The harvest season, no doubt about it! Autumn (the month of October, to be more precise) is taking us... “Google Chrome novelties” picking! Starting next month, Google Chrome will be displaying new “Not Secure” warnings for HTTP pages.
We're talking, in fact, about two additional situations where these discouraging alerts get triggered in users' address bars:
Note: speaking of the second scenario, the “Not Secure” warning will show up on ALL HTTP pages surfed in Incognito mode.
Take it as Google Chrome's next level in its “campaign” of pushing the web on the HTTPS side. A plan structured into multiple gradual steps aimed at discouraging users from “venturing” on non-encrypted websites. And, implicitly, at “forcing” website owners to do the necessary: move to sitewide HTTPS.
But first: what are the HTTP protocol's drawbacks? Those that Google Chrome warns users about through its new “Not Secure” warnings for HTTP pages?
Basically an HTTP connection:
On the other hand an HTTPS protocol page:
And now to answer your legitimate question, whether switching from HTTP to HTTPS is really worth the resources (of time and money), let us just imagine this scenario here:
“A user walks into a/lands on your website and is ready to make a purchase. A payment form is presented to him and he is about to enter his credit card information when... he gets a warning, in his address bar, that your site is not secure...”
How? Making sure that Google Chrome will label as “of secure origins” all the:
“Of secure origins” meaning that both the top-level page and the iframe (in case the user needs to enter his/her data in an iframe) need to display the HTTPS protocol.
In other words: if your HTTPS login/payment form is presented to your users in an overlay on top of an HTTP page, then you'll need to either:
Taking the “shortcut”, placing an HTTPS iframe in an HTTP top-level page, is not a solution, since the new “Not Secure” warnings for HTTP pages that Google Chrome will be rolling out this October are nothing but another step in its “macro plan” to label ALL HTTP websites as not secure.
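The “secure origins” rule above can be checked on your own pages before Chrome does it for you. The following audit script is an added example, not code from Google or from the original article; the `shop.example` / `pay.example` URLs and the sample markup are constructed, and spotting payment fields by their `cc-*` autocomplete tokens is an assumption of this sketch, not Chrome's own detection logic. It treats every iframe as a possible form container, because the frame's content is not fetched.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a login field plus two embedded payment/login frames.
SAMPLE_HTML = """
<form><input type="password" name="pw"></form>
<iframe src="https://pay.example/card"></iframe>
<iframe src="//pay.example/login"></iframe>
"""

class FormScan(HTMLParser):
    """Collects sensitive inputs and iframe URLs from one page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.sensitive_inputs = 0
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input":
            kind = (a.get("type") or "").lower()
            autocomplete = (a.get("autocomplete") or "").lower()
            # Assumption: password fields and cc-* autocomplete mark sensitive data.
            if kind == "password" or autocomplete.startswith("cc-"):
                self.sensitive_inputs += 1
        elif tag == "iframe" and a.get("src"):
            # Protocol-relative src ("//host/path") inherits the top-level scheme.
            self.iframes.append(urljoin(self.base_url, a["src"]))

def audit(page_url, html):
    """Return findings where top-level page and iframe are not both HTTPS."""
    scan = FormScan(page_url)
    scan.feed(html)
    top_secure = urlparse(page_url).scheme == "https"
    findings = []
    if not top_secure and scan.sensitive_inputs:
        findings.append("sensitive-input-on-http-page")
    for src in scan.iframes:
        if urlparse(src).scheme != "https":
            findings.append("non-https-iframe: " + src)
        elif not top_secure:
            # The "shortcut" case: the frame is HTTPS, the page hosting it is not.
            findings.append("https-iframe-in-http-page: " + src)
    return findings

if __name__ == "__main__":
    for url in ("http://shop.example/checkout", "https://shop.example/checkout"):
        print(url, audit(url, SAMPLE_HTML))
```
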
So, why wait for the inevitable to happen? Why should you “mend” when you can go for a long-term, in-depth solution? When you can make the move now and migrate your Drupal website to HTTPS?
Take Google Chrome's new “Not Secure” warnings for HTTP pages as a new step in its whole master plan towards an HTTP-free web!
It's a plan they first launched in November 2016 and which they're implementing gradually. So that the users grow more and more aware of the risks they expose themselves to when accessing HTTP web pages, as the Google Chrome security team confirms:
“Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria.”
There's no way of knowing, for the time being, when precisely Google Chrome will mark all HTTP sites as non-secure. When it will label them all with the red triangle currently indicating broken HTTPS pages.
What we do know is that this is the ultimate goal of their strategic plan. So, instead of waiting for the confirmation of the date in the calendar, why not gradually prepare your website for this move?