Since the start of the year, websites that have been sending on passwords and payment information are being indicated as unsafe by Chrome, Google’s browser, when they do not use HTTPS. In the future, the company wants to label all non HTTPS websites as unsafe. Chrome is the second browser that started with warnings for unsafe connections. Firefox (Mozilla) has been doing this for quite some time, both say they want to make the warnings even more clear.
What is ‘HTTPS’ or HyperText Transfer Protocol Secure?
Wikipedia describes ‘HTTPS’ or HyperText Transfer Protocol Secure as an extension on the HTTP-protocol with as goal to safely exchange information. When using HTTPS, information is being encrypted so it is impossible for an outsider to know what type of information is being sent.
HTTPS is mostly being used by payment transactions by credit card or with internet banking and exchanging or sending and saving privacy sensitive information such as name, address, date of birth and other personal information.
Why is that?
Both Google and Firefox have been working on stimulating the use of SSL certificates which leads to a safer internet. Google’s goal is a completely encrypted internet. Google has recently been taking the use of HTTPS as a ranking factor in their search results. Aside from that they take the lead in discouraging the use of obsolete certificates. While it feels sudden because of the warnings, it’s not really the case.
How does such a warning look like?
There are different warnings within the same website, we clarify:
When we are on a page where we aren’t able to directly exchange privacy sensitive information, we see the standard notification; the information icon
When we visit a page where we are able to leave privacy sensitive information such as a login page or the check out of a webshop, the text ‘unsafe’ shows up next to the information icon.
Google is planning to label all ‘non HTTPS’ pages like this:
While Firefox’ notifications are similar to Google’s, there are some small differences:
On a ‘regular’ page we see the information icon at the same place.
When we surf to a sensitive page, we see a ‘lock’ item which is crossed out in red to indicate that the page is unsafe.
Firefox goes one step further and shows a warning on the entry fields.
What if I do have an SSL certificate?
Important to mention there are 3 ways to validate.
- Domain validation: with SSL certificates with domain validation, only your domain is being validated, for example: ‘yourcompanywebsite.co.uk’. The website’s owner will not be verified and the certificate does not contain company information.
- Price per year at Combell: €50
- Organisation validation: all company information is being carefully verified and integrated in the SSL certificate. When you visit the website and click on the word ‘safe’ in the search bar, you can look at the information and verify whether the owner in the certificate matches with the website you are visiting.
- Price per year at Combell: €99
In both cases this is being visualized like this:
- Extended validation: Follows the strong extended validation (EV) guidelines so take a long delivery term into account. This EV certificate results into a green address bar with the official company name which increases your potential customers’ trust.
- Price per year at Combell: €300
The address bar looks like this:
Why did it take so long for companies to catch on?
There are many factors that played a role into the switch to HTTPS. It took a while to move the older sites and losing speed was inevitable, on top of that it had a negative effect on your ranking in search engines. Who would want to build in a slowing down factor in its webshop without it being necessary? So especially e-commerce players weren’t too keen on moving their webshops to HTTPS. Currently, the loss of speed is negligible and Google confirmed that there is no loss when switching to HTTPS. In fact, it can have a positive effect on your ranking in search engines.
There no reason to wait any longer to switch your webshop to HTTPS, it’s highly recommended. You might miss potential customers because they might prefer to take their shopping elsewhere, where they can browse safely.
There are no big differences between the different types of certificates. When you run a webshop, it can be significant for your customers because they might feel safer while shopping online.