If you have sites on HTTP, Google has begin sending out notices to site owners that their sites will be flagged as “not secure” in Chrome beginning in October 2017.
So what does this mean? If your site has any form – which would include things such as a comment form – then Google will show the site as being not secure in the Chrome browser. Additionally, Google will show this warning for ALL pages when viewed in Incognito mode. So if your site has no forms but is the type of site that people might prefer to visit via Incognito, then those sites will be shown as not secure.
The change will begin in October 2017, with version 63 of Chrome, so site owners still have a month or two in order to implement HTTPS on their sites.
However, some sites are getting these notices even if they are HTTPS. This is because many site owners have both the HTTP and HTTPS versions of the site verified in Google Search Console. But even if the HTTP is correctly redirecting to the HTTPS equivalents, Google is still sending a warning notice to those HTTP properties.
Here is what the notice Google Search Console is sending out looks like:
The notice also confirms that this is only a step in the process that will eventually see all pages on HTTP marked as not secure.
Jennifer Slegg
Latest posts by Jennifer Slegg (see all)
- 2022 Update for Google Quality Rater Guidelines – Big YMYL Updates - August 1, 2022
- Google Quality Rater Guidelines: The Low Quality 2021 Update - October 19, 2021
- Rethinking Affiliate Sites With Google’s Product Review Update - April 23, 2021
- New Google Quality Rater Guidelines, Update Adds Emphasis on Needs Met - October 16, 2020
- Google Updates Experiment Statistics for Quality Raters - October 6, 2020
David Damingues says
And that would be a very ridiculous thing to do! Another step is made toward expansive internet, since a certificate is very expensive for a small site.
Jennifer Slegg says
There are free certificates available through Let’s Encrypt for site owners: https://letsencrypt.org/
DéAnna Ernst says
What is aggravating is that it has clients of managed sites in a panic and believing that their sites are not valid. Especially even when they are already HTTPS as you have pointed out.