Which websites Google classifies “not secure”?
One of Google’s goals in recent years, is to develop a safer navigation environment for all Internet users. As part of this effort, a few months ago announced its intention to increase online safety through a sign on the new version of Chrome.
While so far there was no substantial signs on pages using simple HTTP connections, from version 56 of Chrome onwards, Google declares officially that it characterizes as unsafe the sites that do not use an SSL certificate, based on the fact that the communication with them is not encrypted.
What is the current status
Many of the sites you visit every day, may not have an SSL certificate installed, so HTTP connections used in their communication are not encrypted. This does not necessarily mean that a site is dangerous for the user, provided of course not to exchange personal data with it. One of the factors that compose a site’s level of security is the use of SSL, but not the only one.
Until recently, in fact, encryption was considered necessary only in banking and ecommerce sites or individual checkout and login pages. Since, however, Google used the HTTPS as a ranking signal and applied in 2014 the logic of the «HTTPS everywhere», encryption is now considered necessary in all the pages and content, including CSS files, widgets, java script, photos, videos, etc., of a site.
Accordingly, from our perspective as a user, particularly when we have to register personal information (credit cards, passwords, address, phone, etc.) on a web page, we need to check that the page we are navigating is in a safe environment , confirming the existence of the green padlock in the address bar, along with the word «Secure».
However, according to surveys, although users feel confident watching a security clearance, they are not automatically aware of the absence of a corresponding risk indicator. Because of that, Google has decided to take certain steps that would further draw the user’s attention visually.
What is Google planning to do
Until now, Google had characterized the sites that use HTTP connections to a neutral (rather than negative) index, since it is not necessarily dangerous, as we saw above. From now on, however, the new version of Chrome will mark as unsafe the sites that ask, at any point, their personal data and have not enabled an SSL certificate.
This move includes both appropriate labeling on the address bar, and the gradual lower rank in the search results for sites that do not use SSL, which is a problem for SEO.
In contrast, sites that use SSL certificates and offer HTTPS connections to their users enjoy both the certification of green padlock and higher positions in search results on Google.
As a next step, all websites that do not use SSL will be treated as non-secure, even in a simple static content without form fields and the display will change to make it even more clear:
What you should do with your website
To avoid the classification of your site as unsafe, you will need to install an SSL certificate, since the new version of Chrome that will mark the sites is already available to users.
Even if your site does not handle personal data, will be affected in the near future. You should, therefore, take care of having an SSL certificate installed, which will protect you from the classification «not secure».
Before you decide which certificate you will choose for your site, you need to do a little research on the key categories of SSL certificates (Domain Validation, Organization Validation, Extended Validation) and their differences. Naturally, the needs and requirements for the reliability of an e-shop is completely different compared to a site that maintains a simple contact form. Finally, try to be properly informed about what is true in terms of cost – reliability, before you eventually make your final choice.