HTTP pages with JavaScript pop-up modals for login or something similar.HTTP pages with dropdown or embedded login information.HTTP pages that collect payment info (warning for Chrome only).Pages That Are At Riskīelow are the four types of HTTP pages that will be affected with these browser updates: **UPDATED JANUARY 25, 2017** Firefox has released details about their changes in a blog January 24, 2017. Like the address bar alert, these in-line form alerts can be expanded for additional information. Like Chrome, Firefox is also set to auto update by default, so you can expect most users to have the newest version of the browser very soon after it launches.įirefox will also add an alert for login fields where they serve saved credentials. In Firefox, users can expand the ‘Not Secure’ icon to show more detail about why Firefox is displaying the warning for the particular page, and they can also click the ‘Info’ icon to get more general information about HTTPS. Firefox’s update does not include pages that only collect credit card information unless they also happen to have a login functionality. They will only be using this treatment for pages that include login information. Rather than rolling out the updates over time, their update will include a ‘Not Secure’ symbol (a gray lock with a red slash), and an ‘Info’ button in the address bar right from the beginning. Firefox is taking more abrupt path to update their HTTP security alerts. The current version of the Firefox desktop browser is version 50, so the update that will happen this month is to Firefox 51. The degree of change associated with the update, (full version update or incremental update), may impact the level of information and advanced warning that Chrome makes available before each phase of the plan goes live. These changes may roll-out in future versions or Chrome, but it is more likely that some or all of them will roll out as incremental changes within a version number. Google hasn’t given a precise timeline for these changes, but we expect them to roll out fully over the next 1-2 years. Finally, the alert will display in a more aggressive red yield sign and font, instead of just gray text, as illustrated below:.Eventually, all HTTP pages will show the gray “Not Secure” message.Then Chrome will add gray “Not Secure” message on all HTTP pages a user accesses when browsing in incognito mode.Initially, Chrome will add gray a “Not Secure” message on HTTP pages collecting credit card info or login information (username and passwords) as shown above.The next phases for this project includes the following steps: (Or check out the full announcement from Google, if you prefer.) This is the first step in Chrome’s multi-phased plan to alert visitors to potential security concerns and encourage webmasters to move to HTTPS. Chrome 56 will add a gray “Not Secure” message in the address bar, ahead of the url on all HTTP pages that include login functionality, as shown below: (Google publishes all Chrome updates logs if you need further details.) ![]() Chrome is set to auto update by default and it actively checks for updates from Google every 5 hours, so you can expect most visitors to be running Chrome 56 shortly after it launches. The current desktop Chrome browser is Chrome 55, so the version that will launch later this month is Chrome 56. This round of browser updates puts a finer point on the need for websites to update, so that they can continue to build trust and safely engage with their users. ![]() Google has been strongly recommending sites move to HTTPS for over a year, and even created a slight algorithmic ranking boost for sites that do, to incentivise the change. ![]() Only about 25% of the web has made the transition to HTTPS so that leaves many HTTP pages potentially affected especially if they have site-wide login functionality in the page templates. Historically security notifications have focused only on pages that collect credit card information, so this increased focus on pages that collect login information is relatively new ground. They could even hurt Pageviews-per Visit and site conversions, if the impact on the site is widespread. While these changes will not have a direct impact on search engine rankings (mobile or otherwise), they could have a significant indirect impact on secondary SEO signals like site engagement, bounce rate, and time on site. Chrome will also add the notation on pages that capture credit card information a warning that is already in place in the most recent version of Firefox. In January of this year, (2017) Chrome & Firefox will begin showing ‘non-secure’ symbols in the address bar of HTTP pages that request that include a user login. Chrome & Firefox Updated Security Alerts for HTTP Pages January 16, 2017īy: Ashley Berman Hale How Chrome & Firefox Will Change the Treatment of HTTP Pages that Collect Passwords
0 Comments
Leave a Reply. |