In case you missed it: Chrome to mark non-HTTPS pages insecure
Google recently announced that in version 56 of their Chrome browser (expected in about 3 months) will change the address bar to clearly label websites served without HTTPS as “not secure” if the page contains a password or credit card input field.
Furthermore, this is just one step in Google’s plan to have Chrome display a warning on all websites served without HTTPS regardless of the page content.
What this means is that if you don’t currently have a plan in action to migrate your entire website to operate over HTTPS all the time, then you better start putting that plan together very soon.
Website Security Benefits
Aside from all the security benefits, moving to a fully HTTPS website also enables performance improvements through HTTP/2 (provided by default on section.io) and more effective use of browser caches. There are also some scenarios that become simpler to handle when your site only uses HTTPS, such as Cross-Origin Resource Sharing and protocol-relative URLs.
Website Security and HTTPS Challenges
Based on our experience helping our existing customers, the main challenges you should look for include:
- Pages that force a redirect back to HTTP if requested over HTTPS
- Third parties that do not provide their resources over HTTPS
- Absolute HTTP-specific URLs stored in a Content Management System
Some of these can be address by a CDN solution like section.io that provides free SSL certificates and we’d be happy to discuss them with you.
If however you have found that your challenges include:
- Certificate issuing and renewal
- Achieving a secure web server TLS configuration
- Adding additional headers for, eg, Content Security Policies or Strict Transport Security
Then you definitely should talk to us, as these problems are easily addressed by the section.io platform. Please contact us with any questions about HTTPS or sign up now for a trial which includes a free SSL certificate.