Still struggling to get rid of the HTTPS “Not Secure” warning? Let’s start with the basics of these Chrome browser errors and then dive deep to understand how it affects your web traffic.
What exactly is the HTTPS “Not Secure” error?
HTTPS (Hypertext Transfer Protocol Secure) is a protocol designed to transfer information securely between computers over the World Wide Web (WWW). HTTPS should not be confused with HTTP Strict TransportSecurity (HSTS), a standard that ensures browsers always connect over HTTPS; however, HSTS is also important to consider related to this error (see below). The reason behind HTTPS is that sensitive information (such as login credentials or personal data) is easy to steal through standard HTTP connections because it is displayed as unencrypted “plain text.”
This is why one should never enter their personal details on a website that shows the HTTPS “Not Secure” warning. The notice is an effort by the Google Chrome browser to protect the user data that flows through it.
To accomplish HTTPS, you need a properly validated and installed secure sockets layer / transport layer security (SSL/TLS) certificate; additional recommendations are below.
How do you know if your website is NOT properly HTTPS secured?
Any of these issues can demonstrate a potential problem with your website’s transmission security:
The website is not opening.
The website opens, but there is a red strike on the HTTPS in the browser’s URL field.
The website is not opening on selected systems, even when they have the same version of the web browser.
Is HTTPS “Not Secure” really going to affect you?
The problem with this warning goes beyond it being scary and repellent at face value. Users today show their loyalty towards brands that reflect trust, security, and ethical privacy policies. Lack of security practices on any website not only steers visitors away but also directly impacts brand loyalty among your repeat visitors. This warning will have an immediate impact on user stickiness and will eventually reduce search engine rankings, traffic, leads, conversions, and retention.
In 2014, Google started updating its algorithms across the internet in favor of https websites. Let’s say your website is the same as your rival’s website in its content, speed, title tags, and other factors. If you have https security, you will rank higher. So, if you want to help your site’s ranking, the https issue should be a high priority.
Better rankings lead to more traffic, and vice-versa. The HTTPS error creates a trust issue for your visitors, since they are informed that their connection is insecure and that their private information is at risk. Fixing the error reestablishes your trust and authority, improving your site’s click-through rate.
Why would somebody buy or otherwise engage with your website if they are not sure about their safety? For good reason, users trust secure connections more. For example, a 2016 Global Sign survey of European consumers found that 84% would abandon a purchase if they saw an insecure connection notice.
To avoid these abandonments and address a critical search ranking factor, update your website for consistent, properly configured HTTPS.
How to fix the HTTPS “Not Secure” warning
To overcome the previously mentioned issues, let’s explore some straightforward fixes:
1. Check whether HSTS is enabled.
To enable HSTS for your site, it is mandatory for your site to have a valid SSL/TLS certificate installed and activated. Enabling HSTS will restrict your visitors to browse your site via enforced security. With HSTS implemented, a web browser automatically converts any HTTP (insecure) requests into HTTPS (secure) ones.
2. Determine if an SSL/TLS certificate is properly installed.
To provide the level of security your visitors expect and deserve, an SSL/TLS certificate must be enabled. It can be obtained from a third-party certificate authority (CA) and that is where you want to get one, to avoid self-signed certificate errors. The certificates you get from the CA will be specific to your website (and it may make sense to invest in the high-end extended validation, or EV, version for greater assurance). You can also create your own certificate with the internet information services (IIS) server; however, you may have continuing trouble with visitor trust given the self-signed issue described above. Note that you can purchase a low-end domain validation (DV) certificate immediately, while you should expect delays and additional validation steps for organization validation (OV) and especially EV certificates.
Some of the benefits of an SSL/TLS certificate are:
Secures the data transfer
Increases Google rankings
Improves your SEO
Enhances customer trust
Raises conversion rates.
3. Update all URLs to use HTTPS.
You can update your Uniform Resource Locators (URLs) i.e., your individual webpage addresses to use HTTPS links. To make this change, use a server-side approach to redirect the user if their request is in HTTP, such as inserting PHP code snippets at the top of the page.
4. Check if all 301 URLs redirect to the HTTPS version of the website.
A highly efficient and search-engine-friendly method for website URL redirection is the 301 redirect. In order to convert pages from HTTP to HTTPS or change file names, the 301 redirect is a safe option. The code 301 is interpreted as “permanently moved.”
Having a security error sabotage your website can be extremely stressful. But by taking the above actions, you can get everything fixed and relax!
There are various other factors to consider to further bolster your website’s security. Are you optimizing security for your online presence? For an in-depth audit and practical guidance, email us at firstname.lastname@example.org or book an appointment to reach our subject matter experts.
Digital marketing consultant with 15+ years' experience. Primarily focused on consulting companies on their digital presence while helping them grow technology for attribution and advertising. Worked with brands and created product roadmaps, created and managed multivariate testing, performed site optimization to increase organic traffic, improved conversion rate on e-commerce sites, and created monetization plans for the largest business websites in the US.