After Google announced that it had started considering HTTPS as a metric when deciding the pagerank of a given website (giving higher priority to SSL secured websites over their non-SSL counterparts) it was only a matter of time before they took the next logical step and started further penalising websites without SSL (HTTPS) support.
What we weren't expecting was Google to decide to go a step further: pretty soon, Google will mark HTTP websites as “unsafe”, and warn users about websites that are not using HTTPS.
A planned change proposed to the Google Chrome browser will ensure that when a user visits a non-secure website, a red "X" mark will be displayed in the address bar. At the time of writing, Google Chrome uses this mark when the SSL certificate of a website is incorrectly configured or has expired, thereby warning user that there is a problem with the SSL certificate of the active website.
However, after the change is in effect, even otherwise safe websites that have no malware or security issues, say your blog or small business website, will be marked as “unsafe” in Google Chrome, driving users to abandon your site, wor worse, pushing them towards your competitors
A sign of things to come?
We might be seeing the first signs of this new behaviour in the latest development releases of Google Chrome, which already shows a info mark icon in the address bar next to non-HTTPS website.
Current behaviour in the latest development release of Chrome (this normally turns into a stable, public, version of Chrome) showing a info mark icon next to the site address, encouraging visitors to click and be informed that their connection to the site isn't private:
And the current stable release of Chrome (that most of your visitors will be using if they use Chrome) shows a blank icon next to the site address:
And this is how a HTTPS secured site displays in Chrome, with a nice confidence inspiring green closed padlock:
Another reason to go secure…
For more information on making your website secure using SSL and HTTPS get in touch, we can have you up and running with HTTPS in 24 hours!