Since last July Google Chrome, the most used browser worldwide (53% of users), reports website without HTTPS protocol as unsafe. Today we will see what it exactly means, what has changed about the web security certificates and how to make a site safe in the eyes of Google and of users.
What is HTTPS protocol?
The HTTPS (Hypertext Transfer Protocol Secure) is the protocol for online communication which has the aim to assure the security of users and protect data exchanged through Internet. That is possible using the Transport Layer Security certificate (TLS), that ensures three levels of protection:
- Encryption: information exchanged between user and websites are encrypted so nobody can intercept data, activities, conversations and take private information.
- Data integrity: data can not be changed or damaged during the transfer.
- Authentication: it shows that the user is communicating with the right website. It protects sites from possible cyber-attacks and generates confidence in users.
As we said above, HTTPS protocol is linked to the possession of a TLS certificate, which has the purpose to assure a secure connection between the user’s browser and the server. The TLS protocol corresponds to an updated version of the old SSL certificate (Secure Socket Layer) and has taken its place as the new certification of security for websites.
Google Chrome 56 and the latest releases
The HTTPS has been introduced for the first time in January 2017 with version 56 of Google Chrome, the first one which reports websites without that protocol as unsafe. That report was through a small label “i” set in the URL bar, but only when the user was entering passwords, banking data or personal information, and the navigation was not blocked on the “unsafe” sites. Release 62 brings other news: the report starts when users enter any kind of data. But is the version 68 of Chrome (July 2018) which makes the difference and the HTTPS protocol becomes no longer an option for Google.
Although it is not a mandatory procedure, all websites without TLS certificate are immediatley reported as unsafe, even without the entering of data by users, and they are penalised in terms of ranking in the Google SERP. From September 2018, with the version 69, change also the way of reporting; the green bar of “safe website” disappears and it’s replaced by a grey lock. The latest version of Chrome (70) highlights in red the “unsafe” words and all the data-entry fields in websites without HTTPS, by raising awareness among users about online security and privacy.
HTTPS & SEO
As we just said, since last July HTTPS certification takes on a great resonance, especially if we talk about websites which request sensitive data-entry like e-commerce platforms. Websites that not have HTTPS (so “unsafe” websites) will not be banned and users can keep browsing, but they will be more aware about risks in terms of their security. Indeed, TLS certificate ensures a lot of benefits compared to the old HTTP protocol. IT assures a higher protection of data and a of costumers which use the site. In addition, it reduces the “man-in-the-middle” cyber-attacks and the probability of suffering a sensitive data theft or abuse. Finally, one of the advantages of HTTPS is that affects the website ranking, a thing that can not be underestimated and makes the new Google regulation a requirement more than an option. Web portals with have the old certification are penalised in the Google SERP, so it is obvious that any website which would have success and ensure their users a great user experience must use HTTPS protocol.
HTTP- HTTPS migration
How to make your website safe in the eyes of Google? The first step is surely to purchase a TLS certificate (it replaces the old SSL certificate whose name is still used for force of habit). There are two types of certificates, according to addressee, availability and price. There are also many certified authorities who sell them. Once you have purchased the protocol, you need to install it on the server, which many times is handled by the hosting provider. Took these simple steps, your website will be equipped with HTTPS and will guarantee to Google and to your users a high-level of security.