{"id":3997,"date":"2017-05-01T09:47:50","date_gmt":"2017-05-01T13:47:50","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=3997"},"modified":"2017-06-01T17:25:02","modified_gmt":"2017-06-01T21:25:02","slug":"chrome-http-warning-spreading","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/chrome-http-warning-spreading\/","title":{"rendered":"Browser Watch: Chrome HTTP Warning Spreading to More Pages"},"content":{"rendered":"

The Chrome HTTP Warning is continually raising its expectations for page security.<\/h2>\n

If you are a regular Chrome user, you have likely noticed the frequent changes to the browser\u2019s SSL UI. The primary padlock icons changed last year<\/a>, and a few months ago a\u00a0Chrome HTTP warning<\/a>\u00a0was added to pages.<\/p>\n

These changes are part of a major project which will re-invent our understanding of connection security as the web\u2019s adoption of HTTPS picks up.<\/p>\n

This means that as more of the internet\u2019s traffic becomes encrypted<\/a>, Chrome will continue to raise their expectations and make the unsecure nature of HTTP connections more prominent.<\/p>\n

Late last week, Chrome announced the next step in this project.<\/p>\n

The \u201cNot Secure\u201d warning, which currently appears on HTTP pages with login\/credit card fields, will be shown in two more scenarios later this year.<\/p>\n

When Chrome 62 releases (around October) the \u201cNot Secure\u201d warning will appear on any HTTP page if you start typing data into the page. This includes any HTTP page with text field, such as a search function, contact form, or address box, will trigger the warning.<\/p>\n

This warning will be \u2018dynamic\u2019 and only appear once the user starts typing data into a field. This behavior is demonstrated in the below gif.<\/p>\n

\"Chrome<\/p>\n

In addition, the \u201cNot Secure\u201d warning will appear on all <\/strong>HTTP pages when you are in \u201cIncognito\u201d mode, which provides a private session.<\/p>\n

In the announcement for this latest change<\/a>, Chrome engineer Emily Schechter wrote \u201cwhen users browse Chrome with Incognito mode, they likely have increased expectations of privacy.\u201d<\/p>\n

This table summarizes the changes:<\/p>\n

\"Chrome<\/p>\n

Schechter also reminded us that Chrome\u2019s plan is to \u201ceventually\u201d show the \u201cNot Secure\u201d warning for ALL HTTP pages in all contexts. Chrome\u2019s team has not given specifics on when this will happen, but we know it is tied to HTTPS adoption.<\/p>\n

A few versions ago, Chrome added this \u201cNot Secure\u201d warning for HTTP pages with password or credit card forms. This has already led to a 23% reduction in the number of navigations occurring to such pages – evidence that the indicator has been a strong motivator to site administrators to adopt HTTPS.<\/p>\n

If you operate a website without HTTPS and don\u2019t yet have a transition plan, you should start developing one as soon as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Chrome HTTP Warning is continually raising its expectations for page security. If you are a regular Chrome user, you have likely noticed the frequent changes to the browser\u2019s SSL…<\/p>\n","protected":false},"author":2,"featured_media":4003,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[17],"tags":[131,155,375],"class_list":["post-3997","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-lowdown","tag-google","tag-google-chrome","tag-not-secure-warning","post-with-tags"],"views":9063,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/05\/iStock-458564549.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3997","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=3997"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3997\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/4003"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=3997"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=3997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=3997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}