HTTP pages with forms to be marked as Not Secure in Google Chrome

Nabeel Khalid
Oct 24, 2017 9:54:00 AM

With the latest release of Google Chrome 62 browser on October 18th, users visiting websites with contact forms where there is no SSL certificate installed will begin to see a warning notifying them that the connection is not secure.

Up to this point, the warning message applied only to websites that collect sensitive user data (such as logins, passwords, contact and credit card details).

However, this is no longer the case, as a ‘not secure’ warning in Chrome 62 will be enabled by default for all web visitors using incognito mode as well as for any pages that contain input fields (be it a simple search bar for internal search or contact form that requires you to submit your e-mail address). In the case of the latter, the alert is displayed even if the user is not in incognito mode and applies to literally any type of information a user can type in.

The screengrab below shows the comparison how Not-Secure warnings were handled before and in Chrome 62.

google chrome shows warnings for websites without ssl

HTTPS Connection On Contact Form Pages

SSL (Secure Sockets Layer) is an encryption protocol that works over computer network and is now considered an industry standard for e-commerce websites – even if third-party payment handlers are used, such as WorldPay or PayPal.

Even if your website is not an online shop, it probably includes a contact form or a simple search bar where visitors are asked to input personal information – such as their name, phone number, email address and location. This data needs to be protected in the same way as logins, passwords and credit card details to prevent them from falling into the hands of spammers and fraudsters.

It goes without saying that the majority of web users will have the same login credentials for multiple accounts, including popular social media platforms. Man-in-the-middle attacks aim to eavesdrop on the connection between server and end-device, making it very easy to hack your Facebook account when your credentials are leaked.

Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. This way, data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.

With the latest release of Google Chrome 62 browser on October 18th, users visiting websites with contact forms where there is no SSL certificate installed will begin to see a warning notifying them that the connection is not secure.

Up to this point, the warning message applied only to websites that collect sensitive user data (such as logins, passwords, contact and credit card details).

However, this is no longer the case, as a ‘not secure’ warning in Chrome 62 will be enabled by default for all web visitors using incognito mode as well as for any pages that contain input fields (be it a simple search bar for internal search or contact form that requires you to submit your e-mail address). In the case of the latter, the alert is displayed even if the user is not in incognito mode and applies to literally any type of information a user can type in.

The screengrab below shows the comparison how Not-Secure warnings were handled before and in Chrome 62.

google chrome shows warnings for websites without ssl

HTTPS Connection On Contact Form Pages

SSL (Secure Sockets Layer) is an encryption protocol that works over computer network and is now considered an industry standard for e-commerce websites – even if third-party payment handlers are used, such as WorldPay or PayPal.

Even if your website is not an online shop, it probably includes a contact form or a simple search bar where visitors are asked to input personal information – such as their name, phone number, email address and location. This data needs to be protected in the same way as logins, passwords and credit card details to prevent them from falling into the hands of spammers and fraudsters.

It goes without saying that the majority of web users will have the same login credentials for multiple accounts, including popular social media platforms. Man-in-the-middle attacks aim to eavesdrop on the connection between server and end-device, making it very easy to hack your Facebook account when your credentials are leaked.

Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. This way, data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.

How You Can Benefit From an SSL Certificate Installation

  • Encrypting the connection keeps data secure from eavesdroppers – while the visitor is browsing your website, nobody can interfere with the data exchanged (man-in-the-middle attacks), track user activities across multiple sub-pages or steal their information.
  • An SSL certificate serves as proof of your credibility as a company – users know they are communicating with the intended website. A Non-Secure warning shown at any stage of the check-out process increases the drop-off rate significantly – users simply abandon their basket. These orders will never be completed.
  • Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
  • Google ranking boost – this is niche-relative.
  • No one will be able to tamper with the way your website is displayed – see a case study on AT&T Hotspotsinterfering with how websites were displayed to users connected to their hotspots

Some free-plan SSL certificates are not compliant with and may not work on older devices/OS:

That’s why we always recommend Clients to purchase commercial SSL certificates – they cover all devices/OS and come from trusted and verified providers who issue warranties. Commercial CA (Certificate Authorities) are also able to supply wildcard certificates for multiple subdomain names (*.domain.co.uk). Commercial SSL certificates can also be issued for public IP addresses.

You can find out more in this article by Search Engine Land.

What’s included within our SSL certification installation service:

  • Installation of a paid SSL certificate server-side and on your domain
  • Update of all website URLs to reflect the new HTTPs URL including assets, imagery, all CSS / JS files with absolute URL structure
  • Making sure all external scripts called use HTTPS
  • Update of all canonical tags
  • Force-redirect to a HTTPS version of your site
  • We offer the options of single, multi-domain or wildcard SSL encryption installation, depending on your business needs.

Subscribe by Email