HTTP stands for Hyper Text Transfer Protocol and describes the set of rules for exchanging information – files / graphics / sound / video on the World Wide Web. However over the lifetime of the internet, as these rules were so clear and widely known – they became easy to intercept or hack.
For this reason an American computer services company developed HTTPS – Hyper Text Transfer Protocol Secure. With HTTPs an extra layer of code is used to encrypt the data exchanged. Encryption means that the sender and recipient agree upon a “code” and translate their documents into random-looking character strings.
HTTPS was primarily developed for sites with banking services but has now widened to use by any site collecting any user login information.
Up until January 2017, Google Chrome did not specifically label HTTP sites as ‘Not Secure’. However since the beginning of January, if a user visits a HTTP site that collects passwords on a Google Chrome browser, Chrome will indicate connection security with an icon in the address bar. See screenshot below.
This is part of Google Chrome’s long term plan to mark all HTTP sites as non-secure ‘to help users browse the web safely’. However they intend to do this gradually as their research shows that users can become blind to warnings if they occur too frequently. For example they plan to extend the ‘Not Secure’ warning to all HTTP sites visited by users in ‘incognito’ mode as there is an added expectation of security in this mode.
The ‘Not secure’ icon in the address bar will also eventually change to a more prominent red text with warning symbol –
Also at the moment if your site is HTTP the ‘Not Secure’ warning may only trigger on the page of the site with the login form.
Currently more than half of all sites served over the Google Chrome network are HTTPS. Moving a HTTP site to HTTPS is a step by step process for site developers. It can be done in stages – i.e. initially only moving the login / password page of the site to HTTPS – but the ideal is to move the whole site to HTTPS.
More info for developers on moving to HTTPS can be found here.
There is speculation on whether having ‘Not Secure’ warnings on your site will affect its organic ranking.
So far the data is not consistent on this but the thinking is that if all other factors are equal – the HTTPS site will gain the higher rank.
In any case to ensure User peace of mind, we would recommend that HTTP site owners currently affected by the warnings look towards moving to HTTPS as a priority.
For more advice on this and other site optimisation factors call us at Search Scientist.