Google Chrome has long warned users about potentially unsafe websites through the “Not Secure” label displayed in the address bar. The label appears on websites that do not have an SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate, meaning the connection between the website and the user’s browser is not encrypted. However, Google has announced that it will remove the “Not Secure” warning for websites that don’t use HTTPS encryption.
In this blog, we’ll explore why Google Chrome is making this change, what it means for website owners and users, and how you can protect your website and users from security risks.
What is the ‘Not Secure’ Warning in Google Chrome?
Google Chrome’s “Not Secure” warning is a visual indicator that alerts users when they visit a website that doesn’t have a valid SSL/TLS certificate. The certificate lets the browser verify the site’s identity and set up an encrypted connection, so data transferred between the user’s browser and the website is protected from eavesdropping and tampering in transit.
The Not Secure warning appears next to the URL in the address bar. It is typically seen on websites that use HTTP rather than HTTPS. In contrast, HTTPS ensures that communications between the browser and the server are secure and encrypted, protecting sensitive information like passwords, credit card details, and personal data.
Why is Google Chrome Removing the ‘Not Secure’ Warning?
In recent years, Google has made a strong push for a more secure internet by encouraging website owners to adopt HTTPS. As of 2023, Google announced that it would be removing the “Not Secure” warning for HTTP websites, as part of its ongoing efforts to make the web more secure.
Reasons for this Change:
- Widespread HTTPS Adoption: Over the past few years, there has been a significant increase in the number of websites adopting HTTPS. In fact, more than 95% of web traffic is now secured with HTTPS, making HTTP websites an outlier.
- Improved Security: HTTPS encrypts and authenticates the connection, which HTTP does not. By removing the Not Secure warning, Chrome aims to de-emphasize the distinction between HTTP and HTTPS and shift its focus to other, more pressing security issues (like phishing or malware).
- User Confidence: With HTTPS being the standard for most websites, Chrome’s change may help users trust that most websites are now secure, especially as HTTPS continues to become the default for nearly all web traffic.
- Encouraging Site Owners to Upgrade: By removing the warning, Google is encouraging the few remaining HTTP websites to upgrade to HTTPS. This is crucial for ensuring better security across the entire web.
How Will Google Chrome Remove the ‘Not Secure’ Warning?
As part of this shift, Chrome will no longer show the “Not Secure” label for websites that are not secured with HTTPS. However, it’s important to note that Google is not completely eliminating warnings for insecure websites.
Instead of the typical “Not Secure” warning, Chrome will now focus on the following:
- More Prominent Security Indicators: Websites without HTTPS may still trigger warnings, including more prominent messaging about the lack of encryption. In fact, Chrome might place the “Not Secure” warning in a more noticeable position, such as within the site itself, to highlight the risks to users.
- Security Warnings in Forms: Even if the general warning is removed, Chrome will still alert users when they try to fill out forms on HTTP sites. Forms are where sensitive information such as passwords and credit card details is entered, so it’s crucial that this information is transmitted securely.
- Mixed Content Warnings: For websites that try to load both secure (HTTPS) and insecure (HTTP) resources, Chrome will still show warnings. This means that even if your site is HTTPS, if it loads mixed content (e.g., images or scripts from HTTP sources), Chrome will flag this.
What This Means for Website Owners
For website owners, this change emphasizes the importance of upgrading to HTTPS to avoid potential security risks and negative user experiences. Here’s what you need to know and do to prepare for the changes:
1. Ensure Your Website is HTTPS-Compliant
- Get an SSL/TLS Certificate: If your website doesn’t already have an SSL certificate, you should get one. Many hosting providers offer free SSL certificates through services like Let’s Encrypt, or you can purchase a paid certificate for additional security features.
- Redirect HTTP to HTTPS: Once your website has an SSL certificate, you’ll need to set up 301 redirects to ensure visitors are automatically redirected to the HTTPS version of your site. This helps maintain your SEO rankings and ensures users always visit the secure version of your website.
- Update Internal Links: Ensure that all internal links, images, scripts, and other resources are linked using HTTPS. If you use any absolute URLs (i.e., specifying the full URL in your site’s code), make sure they use HTTPS.
2. Test and Troubleshoot Mixed Content Issues
- Mixed Content Warnings: Chrome will still show warnings if a website loaded over HTTPS contains any content (images, JavaScript, etc.) loaded over HTTP. You should ensure all assets are loaded securely via HTTPS.
- Update All External Links: If you use third-party services that load over HTTP, reach out to those service providers to update their resources or consider alternatives that use HTTPS.
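The checks described under “Update Internal Links” and “Mixed Content Warnings” can be automated with a small scanner. The following is an added example, not code from the original article: it parses a page served over HTTPS and reports every resource, form target, or same-site link that still points at http://. The example.test hosts, the sample page, and the finding labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Categories follow the W3C Mixed Content spec (blockable vs. upgradeable loads).
BLOCKABLE = {"script": "src", "iframe": "src", "link": "href"}
UPGRADEABLE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.host = page_url, urlsplit(page_url).hostname
        self.findings = []  # (kind, tag, absolute URL)

    def _flag(self, kind, tag, value, same_host_only=False):
        if not value:
            return
        url = urlsplit(urljoin(self.page_url, value.strip()))  # resolves relative and //host URLs
        if url.scheme == "http" and (not same_host_only or url.hostname == self.host):
            self.findings.append((kind, tag, url.geturl()))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # canonical/alternate links are not subresource loads
        if tag in BLOCKABLE:
            self._flag("blockable", tag, a.get(BLOCKABLE[tag]))
        elif tag in UPGRADEABLE:
            self._flag("upgradeable", tag, a.get(UPGRADEABLE[tag]))
        elif tag == "form":
            self._flag("insecure-form", tag, a.get("action"))
        elif tag == "a":
            self._flag("internal-link", tag, a.get("href"), same_host_only=True)

def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (hypothetical example.test hosts), served from https://www.example.test/
SAMPLE = """<head><link rel="stylesheet" href="http://static.example.test/site.css">
<link rel="canonical" href="http://www.example.test/">
<script src="//cdn.example.test/app.js"></script>
<script src="http://cdn.example.test/legacy.js"></script></head>
<body><img src="http://img.example.test/logo.png"><img src="/local.png">
<a href="http://www.example.test/about">About</a><a href="http://other.example.test/">Partner</a>
<form action="http://www.example.test/login" method="post"></form></body>"""

if __name__ == "__main__":
    for kind, tag, url in scan("https://www.example.test/", SAMPLE):
        print(f"{kind:14} <{tag}> {url}")
```

Protocol-relative (`//host/...`) and relative URLs inherit the page’s scheme, so they are not reported; only explicit http:// references are.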
3. Monitor and Maintain Your SSL/TLS Certificate
- SSL/TLS certificates have expiration dates, and it’s important to keep track of them so your site doesn’t become insecure. Many certificate authorities offer auto-renewal features to help keep your site protected without interruption.
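As a backstop in case auto-renewal fails, certificate expiry can be monitored with a scheduled check. The following is an added example, not code from the original article: it reads the `notAfter` field from a certificate in the format returned by Python’s `ssl` module and classifies it. The 30-day renewal window, the status labels, and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time

RENEW_WINDOW_DAYS = 30  # assumed alerting threshold; adjust to your renewal process

def days_until_expiry(cert, now=None):
    """cert is the dict returned by SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now) // 86400)

def classify(cert, now=None):
    """Return (status, days) where status is 'expired', 'renew-soon' or 'ok'."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "expired", days
    if days <= RENEW_WINDOW_DAYS:
        return "renew-soon", days
    return "ok", days

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate. Raises ssl.SSLCertVerificationError
    if the certificate is expired, untrusted, or does not match the host name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed certificate dict in getpeercert() format (not a real certificate)
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "notAfter": "Mar 15 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    # Evaluate the sample as if today were 1 March 2025 (offline, no network needed)
    today = ssl.cert_time_to_seconds("Mar 01 12:00:00 2025 GMT")
    print(classify(SAMPLE_CERT, now=today))
```

For a live site, pass the result of `fetch_cert("your-host")` to `classify()` from a scheduled job and alert on anything other than `ok`.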
What Does This Mean for Website Visitors?
For website visitors, the change will likely improve their browsing experience, as they’ll see fewer security warnings while navigating the web. They will also have better confidence that their data is being transmitted securely on websites that support HTTPS.
However, visitors should still remain cautious. Even if the “Not Secure” warning is removed, they should:
- Look for HTTPS in the address bar (the lock icon) before entering sensitive data on websites.
- Be cautious about entering personal information or making transactions on websites that don’t display HTTPS.
How to Check if Your Website is Secure (HTTPS)
- Look for the Lock Icon: In the address bar of Google Chrome (and other modern browsers), you should see a lock icon before the URL if the site is secure. The website’s URL should also begin with https:// instead of http://.
- Click on the Lock Icon: Clicking on the lock icon will show you more details about the website’s SSL certificate, including whether it’s valid and issued by a trusted Certificate Authority (CA).
- Check for Errors: If there’s an issue with the certificate (e.g., expired or not valid), Chrome will show a warning message. You should address this issue as soon as possible.
Conclusion
Google Chrome’s move to remove the ‘Not Secure’ warning for HTTP websites reflects the growing trend toward a more secure internet. This change will encourage more websites to adopt HTTPS, improving security and user trust across the web.
As a website owner, it’s crucial to make the shift to HTTPS if you haven’t already. Not only will it help you avoid security warnings, but it will also improve your search engine rankings, increase user trust, and protect sensitive data on your site.
For users, while the ‘Not Secure’ warning might be disappearing, it’s still important to be vigilant and ensure that the websites you visit are secured with HTTPS, especially when entering personal or financial information.