Chrome 56 and Firefox 51 take steps toward adoption of HTTPS Everywhere

Starting with Chome 56 and Firefox 51, pages that collect passwords or credit card information that are not secured by HTTPS will be marked as not secure in the address bar.  Both browsers were released in late January. We expect the other major browsers, Safari and Internet Explorer, to follow suit. With roughly 50% of the Worldwide and North American market using Chrome and Firefox, it is very important to take steps to implement HTTPS sooner rather than later.

What does it look like?

In Chrome, pages that collect passwords or credit card information are subject to the warning. For now, Firefox only flags pages that collect passwords


Comparison of Chrome 53 and Chrome 56 treatment of HTTP pages with password or credit card inputs

Firefox 51 treatment of HTTP pages that collect passwords

 

Both browsers promise to take steps in future versions to display more ominous security indicators for all HTTP pages, regardless of content.  These warnings on pages may lead to decreased trust and conversions. There are also implications for search rankings.


Future versions of Chrome will display this warning for all HTTP pages

Example in-context message when a user clicks into a username or password field on a page that doesn’t use HTTPS in future versions of Firefox


HTTPS Everywhere is part of a broader effort by industry organizations such as Google, Mozilla, the Electronic Frontier Foundation (EFF) and others to help make the Internet safer.  To that end, Google began including HTTPS as a search engine ranking signal in 2014. In other words, running under HTTPS is not just for e-commerce or sites with protected content. It’s for anyone interested in security and search engine optimization.

What should I do?

First, check to see if you're running under HTTPS already.  Click the button below then enter your host and domain name (e.g., www.risdall.com) into the form to test your site.  Not only will the test determine whether your site is running under HTTPS but it will provide additional information regarding the secure protocols supported, potential vulnerabilities, and an overall grade.

Test Your Site

If the results indicate you are not using HTTPS or that you are using an older version of SSL or TLS, you need to take steps to protect your users and your search rankings.  Securing your site properly involves some IT, development, and SEO steps. We have created an HTTP to HTTPS Checklist and would be happy to guide you through the process. Please connect with us online or by phone at (651) 286-6700 if you have any questions or would like to set up an appointment. We would be happy to answer your questions and coordinate next steps to making your site more secure and SEO friendly.

Connect With Us

Joel Koenigs

Written by Joel Koenigs