Apple Adding HTTP Security Warning in Safari Technology Preview 46
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Apple Adding HTTP Security Warning in Safari Technology Preview 46

Safari is joining Firefox and Chrome in warning users about HTTP pages

An Apple Insecure Form Warning is on the way. Safari Technology Preview is an advanced version of its Safari browser that allows you to see cutting-edge advancements that are still being finalized for official release. It’s kind of like Chrome Canary in that sense.

Safari Technology Preview version 46 is out now for macOS Sierra and High Sierra, and with it comes one major change to its UI. Now a security warning will show in the Smart Search field (the address bar) when users interact with a password or credit card form on a non-secure page.


Apple insecure form warning

And if you miss the warning, you’ll be prompted with this message – which is already active in the current version of Safari (11).

Apple Insecure Form warning

This is not exactly what Google and Mozilla have been doing all year, though it is similar.

Chrome and Firefox both began marking sites with non-secure password fields “Not Secure” back in January. Since then the warning has expanded to any site with a text field served via HTTP. The difference is Google and Mozilla put their security warnings right beside the URL in the address bar. As you can see above, Apple doesn’t warn you unless you click the Smart Search field.

Google Chromec 63 FTP "Not Secure" warning

Frankly, I don’t think Apple is being explicit enough with these indicators. Google’s practically slap you in the face. Mozilla seems to be more in line with that think than with Apple’s. Granted Apple has a much different UI than either of the other browsers, but it’s taking too many liberties in the name of aesthetics.

The warnings need to be more obvious.

Of course, this is all part of a bigger plan by the browsers to mandate HTTPS. Google, Mozilla and Apple (with Microsoft sure to follow suit) want you to install an SSL certificate and migrate to HTTPS. SSL secures the connections between a website and its visitors with encryption. That prevents eavesdropping and Man-in-the-middle attacks.

Eventually, the browsers plan to mark any webpage served via HTTP as “Not Secure.”

For now, though, the warnings are being slowly rolled out to give website owners and hosting companies an opportunity to prepare. Chrome is expected to upgrade its security warning next Spring to the point it will tag any website without encryption. Obviously, Google or Apple telling your visitors that your site’s not secure is going to have an impact on your bottom line.

So if you haven’t figured it out already, it’s time to get SSL.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.