After much speculation that Google Chrome would be alerting users to any website that doesn’t employ HTTPS, we finally know how Google plans to flag unsecured websites in Google Chrome, the different settings it uses and best of all, anyone can test it out.
Ilya Grigorik posted what he calls his “New favorite Chrome Canary flag” and it doesn’t look that bad for those who have an unsecure website.
The flag they use is actually much smaller than what many webmasters were fearing, bring up concerns about pop-up alerts or huge red flags that would result in and when not visiting the site, even for sites that are being unsecured wasn’t a huge concern, such as information site that does not collect any data.
What chrome is using instead is simply a tiny X that appears next to the URL.
Any user can currently download the Google Chrome Canary. To view the new unsecure flag, download Chrome Canary, then go to chrome://flags/ Then scroll here:
This feature is currently turned on by default, however the default setting is to not alert for a site being unsecure, and it sounds as though they are planning to turn it into a default feature for all users in a later Chrome build. What setting will be the default when it goes live is anyone’s guess, however “mark non-secure origins as non-secure” will be a likely choice.
You are what the different options show in the address bar field depending on the choice.
Mark non-secure origins as non-secure:
Mark non-secure origins as dubious:
Mark non-secure origins as neutral:
Mark non-secure origins as Default:
As you can see, neutral and default are currently the same.
However, one does have to wonder how many people will actually notice it, unless they are specifically looking for it. While tech savvy users would know, the majority of non-tech savvy people would either not notice it or not know what it means – clicking on the X doesn’t give users any reasons to be alarmed if they do bother to look.
Last year, many webmasters began switching to HTTPS earlier this year after Google announced it would be used as a ranking signal. Google later backtracked slightly to state that it wasn’t a noticeable signal for webmasters but they still recommended switching as good practice. In fact, Google announcing it as a ranking signal increased the number of secured sites by 3%, the largest jump ever seen.
It is also worth remembering that Google did confirm that content sites were affected by HTTPS, and this new Chrome flag is showing for sites that do not collect personal information from visitors.
If you have been sitting on the fence about switching to HTTPS, the Google Chrome team put together a guide on making the switch.
And of course, this is still testing in the test version of Google Chrome Canary, so things could always change before it makes it to the live Chrome.
H/T to Barry Schwartz who spotted the Google+ post.
Jennifer Slegg
Latest posts by Jennifer Slegg (see all)
- Google Testing “Near City” in Local 3-Pack - September 27, 2016
- Use Google Disavow Like Before, No Changes With Real Time Penguin - September 26, 2016
- No Changes to Link Related Manual Actions with Penguin Real Time Launch - September 26, 2016
- Google Launches Real-Time Penguin 4.0: All The Changes & Details - September 23, 2016
- Google Testing Individual Hotel Booking Block at Top of Search Results - September 22, 2016
[…] certificates. We have known for some time that Google was making the change, as back in January they announced that Google would begin flagging non-HTTPS sites in an upcoming […]