Jump Links

Browsers now alert users if your site is not secure

Back Posted on 01 Mar 2017

Websites that don't have an SSL certificate to provide a secure connection are now flagged as not secure by major browsers including Chrome and Firefox.

Icon: too long; didn't read

Chrome and Firefox are the first browsers to actively push for all websites to be served over secure https connections.

If your site collects payment or login details and doesn't have an SSL certificate the browser now flags your website as Not Secure.

For the sake of customer confidence, Google rank and the wider security of the internet you should get an SSL certificate asap.

It is well known that Google strongly advocate and push for a better web - faster, more organised and now more secure.

In September 2016 they announced that websites served over http connections would be flagged by Chrome as not secure.

http has always been insecure - malicious users can watch and even modify traffic before it reaches you.

Now Google and others including Mozilla, makers of Firefox, are rolling out updates that will begin to make http a thing of the past.

Updates to Chrome will be phased.

  1. Initially only pages that collect sensitive information such as password or credit card details will be flagged as insecure
  2. Later anyone using Incognito (Chrome's private browsing mode) will see any page served over http flagged as inseure. This is because Incognito users have a greater expectation of privacy
  3. Eventually all pages that do not use a secure https connection will be flagged with the same red triangle that alerts users to websites with broken secure certificates

Screenshot of Chrome address bar indicating http website is not secure
Screenshot from Chrome showing address bar alert that web page with user login form is not secure when served over an http connection.

Screenshot of Chrome alert detailing effects of http website not being secure
Screenshot showing more detail about why website is not secure in Chrome.

Why is this is important?

Between them Chrome and Firefox represent 56.38% of the browser market [1].  And with the W3C and the US Government calling for universal use of encryption other browsers will soon follow.

Chart showing browser market share in February 2017
Chart of browser market share in February 2017.

So right now over half of your users could be told your website is not secure which won't exactly inspire confidence in your brand or ability.

Does this affect me?

At the current stage of implementation only websites with login or payment forms are flagged by Chrome as not secure.

This means online stores and websites with password protected member areas must act now.

What do I need to do?

Installing an ssl certificate on your web server means connections can be made over the secure https protocol.

There are two types of certificate:

How to get an SSL certificate

You can get an SSL certificate from your:

Is anything else required?

Depending on your choice of provider you may require a dedicated IP address before you can install an SSL certificate.

This costs around £5/mth and is sometimes paid annually in advance. Moving to a dedicated IP requires additional configuration to your domain name and hosting settings.

How to install your SSL Certificate

Your website and potentially domain name will need some updates made to their configuration before they can use https. For most small business websites this can be done in a few hours.

Things to be aware of

When do I need to do it?

Ultimately every website must transition to https. And if security wasn't a good enough reason remember it builds trust with users and Google use https as a ranking signal.

If you need help or have a question about how to secure your website and transition to https you can find me on Google+ and LinkedIn or send a message.


  1. netmarketshare.com