Beginning in October 2017, Google's Chrome web browser will begin flagging any website that includes form fields as "NOT SECURE" if the page is not served via HTTPS.
We hope you find the FAQ below helpful in understanding this important change.
Who Does This Change Affect?
Google Chrome browser users and all website owners.
What Will Users See If I Do Not Secure My Website?
At the time of this writing, all Google has said is that a "NOT SECURE" message will be presented. Most likely, this will be the same as Chrome's standard warning page for sites that do not have a valid SSL certificate. That screen is below. It's not pretty and you definitely DO NOT want your website visitors to see it.
What is HTTPS?
HTTP is the connection protocol that links your web browser on your computer, phone or tablet to the website you are viewing. HTTPS adds a "secure" element to the process, encrypting the traffic so that personal information you submit will not be compromised.
Does My Website Use Forms?
If your website has input fields for user login, search, contact information, commenting or collecting email addresses for a newsletter your site uses forms.
Is My Site Already Secured?
VIsit your website using Chrome and check the URL bar. Does a Lock icon appear? If so, your site is already protected. An example is below.
How Do I Secure My Site?
You can secure your site by obtaining a SSL (Secure Socket Layer) certificate. Your website host should be able to help you with this step. Or, you can contact Heideldesign if you need additional assistance.
What If I Have SSL But My Site Isn't Showing a Secure Status?
There are several possibilities for why you may not see the secure icon, even though you have a SSL certificate installed. Those include improperly installed certificates and "mixed content" warnings. Those occur when some page elements are served via HTTP and others served via HTTPS. Be sure to check not only scripts and files linked on your own site, but third party URLs as well. If you need help troubleshooting, let us know!
If I Don't Use Forms Should I Still Use HTTPS?
Yes. Google has said that targeting websites with forms is the first step in eventually marking all HTTP pages as not secure.