Common practice for browsers now is to start marking sites without HTTPS as non-secure. The aim is to improve security for sites that collect sensitive information, however all sites – even basic brochure sites, are being pushed down this route as HTTPS pages will be given priority in Google searches.
In simple terms, HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are both protocols, or languages, for passing information between web servers and clients. HTTPS is a secure connection, whereas HTTP is insecure. With a standard HTTP connection, it is possible for unauthorised parties to observe the conversation between your computing device and the site.
This is only really relevant if you are entering sensitive information such as a password, credit card or bank information on a website. An HTTPS connection adds a blanket of security over that conversation using an SSL/TSL protocol (Secure Sockets Layer and Transport Layer Security). This connection encrypts data to prevent eavesdropping, protects its integrity, prevents corruption in transfer, and provides authentication to ensure communication only with the intended website.
Basically, HTTP is not secure, and you should never trust your sensitive information to such a site. HTTPS is secure and is becoming the web standard. What this also now means is webmasters need to ensure security certificates are implemented properly to retain their sites search position as non-secure sites will start to drop down the rankings. Users expect a secure and private online experience when using a website, so in penalising HTTP connections, Google is taking steps to ensure they get it.
Currently, Chrome indicates HTTP-only connections with a “neutral indicator,” marked by an information symbol. Click it, and you’ll see a warning that “your connection to this site is not secure” and “you should not enter any sensitive information on this site (for example, passwords and credit cards) because it could be stolen by hackers.”
HTTPS connections, in contrast, are marked by a lock symbol next to the word “Secure.” Click for more information, and you’ll see that the site is classified as secure and “your information (for example, passwords and credit cards) is private when it is sent to this site.”
The perception that only eCommerce sites need SSL doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you, or intercept your mail form information en-route.
Information security has become high on the agenda and people feel the need to protect their personal data. Adding an additional security level will allow users to make an informed decision about which sites to trust and add more confidence to those with a padlock, whilst those which remain insecure, may well end up getting avoided by people browsing the web.
In future, Chrome will label all HTTP pages with a red triangle to draw further attention to the insecure nature of the connection. So, the recommendation is to protect your visitors and your site with an SSL certificate and migrate to HTTPS.