Google and Mozilla want HTTPS to be used on all pages… Are you ready for it?

Soon, both Chrome and Firefox browsers will warn users even more strongly when they visit a page that is not secured via the HTTPS protocol. What is going to change?

HTTPS is important

In a nutshell: the HTTPS protocol (HTTP secure) allows to establish a secure connection between the browser of your visitor and your website.

  • Encryption offers protection against eavesdropping: the information entered by your visitors is unreadable.
  • Moreover, authentication confirms that your website belongs to the person who claims to be the owner. It is thus not a fake.

HTTPS is based on the SSL certificate, of which different versions are available:

1. Chrome will require HTTPS when running Incognito browsing mode

Currently, the Chrome browser already shows a warning in the address bar when you land on an HTTP page that contains an input field for a password or a credit card number.

As of October 2017, a warning will be displayed in two additional situations:

  • When your visitor must enter information on a website (including information other than a password or a credit card number)
  • or when he visits your website using the Incognito mode, even if there are no input fields.

And this last situation is particularly important. Many Internet users choose the Incognito mode to protect their privacy, because when they use this mode, they cannot be tracked via cookies and other trackers, and their browsing history is not saved. The “not secure” warning will undermine their confidence in your site.

Google clearly stated that a warning will be displayed on all websites that do not use HTTPS.

2. Firefox will also have a stricter policy regarding non-HTTPS pages

The Firefox browser displays a locked green padlock in the address bar on HTTPS pages. Starting with version 51 of Firefox (January 2017), a grey padlock with red strikethrough was added as a warning to non-HTTPS pages where a password is requested.

Firefox shows green lock icon on HTTPS protected pages

In the next versions of the Firefox browser, an additional in-context warning, which will be much clearer, will be displayed on pages that do not use HTTPS. When the user clicks on a username or password field, he will see the grey padlock with strikethrough next to a warning indicating “This connection is not secure. Logins entered here could be compromised.”

Firefox shows clear warning on pages without HTTPS

Just as Google Chrome, Mozilla confirms that, eventually, a padlock with strikethrough will be displayed on all non-HTTPS pages.

Google Chrome and Mozilla Firefox will soon display a warning on all non-HTTPS pages. Do not lose your customers’ confidence and switch to HTTPS now!

Do not wait any longer: protect your website with HTTPS right away!

Today, the efforts made by Google and Mozilla have paid off. Since Chrome 56, the number of pages with an entry field for password or a credit card number that do not use an HTTPS connection has decreased by 23% in Chrome. With Firefox, the number of login forms protected via HTTPS has increased from almost 40% to almost 70%. Ad for the total number of HTTP pages, it has increased by 10%.

What about you? Have you done something for a better protection of your website yet? Do not wait any longer and prepare your website for this new development. Not only will this help you protect your visitors, but your website (and your company) will also inspire more confidence in users.

Read more about Let’s Encrypt, the free SSL certificate that Combell provides by default with your website. Our articles “SSL: what is it and how does it work?” and “The SSL certificate: what should you do?” will provide you with further information about SSL certificates. Finally, remember our handy SSL wizard, which can help you determine what certificate best suits your needs.