SEO Update: HTTPS More Urgent as Google Chrome Prepares “Not Secure” Warning

Starting in October, Google Chrome users will see a “Not secure” warning when entering data on any HTTP-only page that contains a form or text-field.
Nate Dame
Nate Dame
CEO and Founder
Nate is the founder and CEO of Propecta, a results-oriented SEO consultancy trusted by forward-thinking companies, including a few of the world's largest B2B and technology brands. Propecta builds holistic SEO strategies, supports internal teams, and offers full-service execution to create an organic search presence that generates significant revenue.
September 5, 2017

Starting in October, Google Chrome users will see a “Not secure” warning when entering data on any HTTP-only page that contains a form or text-field.

Google first announced HTTPS as a ranking factor in 2014. Back then, it was just a minor signal, but Google noted in its announcement that it may increase the weight of the signal over time. Not only has Google stuck to its commitment to make HTTPS migration a priority, its upcoming changes will impact the overall user experience for non-secure sites.

What This Newest Change Means for B2Bs

Any time a user enters data on a page with a text-accepting form field—a login page, gated content download form, demo request form, or newsletter signup field—the URL for the page will be prefaced with a “Not secure” warning in Chrome’s omnibox:

not secure screenshot

This has been the default browser behavior for password and credit card fields since January, but the new change applies the warning to all pages that accept data. Additionally, every page of an HTTP-only site will display as “Not secure” when users are browsing in Incognito mode.

This newest behavior could deter users from entering data on a website and may diminish brand credibility with new visitors. For novice users, the “Not secure” label may be seen as a warning of a potential phishing attempt.

And while this change isn’t directly related to SEO and rankings, it could still have negative impacts. If site visitors leave without performing actions because of the warning, it could harm engagement metrics, signaling to Google that your site/content no longer satisfies user intent. In turn, rankings may decline.

How to Avoid the “Not Secure” Label

If you haven’t yet migrated to HTTPS and are concerned about how this change may impact the user experience, the best thing to do is begin the process of migrating to HTTPS.

On a large site, migration is no small feat, but it’s the best way to prevent pages from being labeled as “Not secure.” Google intends to eventually label every page of HTTP-only sites—whether they collect information or not—as “Not secure.”

There are other possible options—such as installing an SSL certificate on a subdomain and moving all form pages to that subdomain—but these options are only short-term fixes, may damage SEO over time, and will increase the complexity of complete migration.

HTTPS Is About More Than Just SEO

Google’s push to encourage websites to transition to HTTPs is an attempt to make the internet a safer place. Delaying migration not only has potential impacts on SEO and the user experience, it also creates a window for the data collected on websites to be exploited by malicious intruders.

A good first step in preparing for this change is identifying which site pages contain data-collecting forms. With help from a developer, you may be able to install a security certificate and use HTTPS only on those pages as a short-term solution.

But keep in mind that this newest change is just one more step toward Google’s goal of labeling all HTTP pages as “Not secure.” Complete migration may be time-consuming and costly, but it’s inevitable.

Thoughts?

We've love to hear your feedback, questions, or inspiration about this post.
Hit us up on Facebook, Twitter, or LinkedIn.