David Knipe
Feb 12, 2018
(4 votes)

Google Chrome will mark your site as not secure if your site isn’t on HTTPS by July 2018 - what this means for you

At the beginning of July 2018 Google Chrome will start displaying an "insecure" message if the site its browsing is not being served over HTTPS:

Image Treatment of HTTP Pages@1x.png

Read more about this change here: https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html. Why is this change happening? Well according to Google "You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications". You can read more about why HTTPS matters here: https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https

Serving your site on HTTPS is important as the eventual treatment of all sites on served on HTTP in Chrome will look as follows:

Image blog image 2.png

Clearly seeing this warning would not be a good experience for your customers!

So why is serving your site over HTTPS important?

Trust is important. When a customer engages with your site they are engaging with your brand or service. This needs to be an engagement of trust. By serving your site over HTTPS you are proving that anything you are delivering to your customer could not have been interfered with as the communication has been encrypted between the browser and the host. 

Also if you and/or your developers want to take advantage of features such as the geo-location API then they require HTTPS: https://developer.mozilla.org/en-US/docs/Web/API/Geolocation/Using_geolocation.

As an Episerver customer what to do now?

We take trust and privacy seriously at Episerver as documented on our trust centre: https://www.episerver.com/about/privacy/trust-center/ and want you to trust Episerver to deliver trusted solutions to your customers.

If you an Episerver Digital Experience Cloud Service customer then your site is probably already being served over HTTPS as this is included as part of the service. If its not, then get in touch with your service level manager to discuss next steps in moving your site over to HTTPS.

If you are on a Episerver managed service contract then get in touch with your Episerver service level manager to discuss next steps in moving your site over to HTTPS.

If you are running your site on premise then you should contact your IT team and/or implementation partner to discuss migrating your site over to HTTPS.

Find out more 

Read more about the change coming to Google Chrome here:

Episerver Trust Centre: 

All images copyright Google 2018

Feb 12, 2018


Arild Henrichsen
Arild Henrichsen Feb 13, 2018 09:52 AM

Also, Google Chrome from version 66 (releasing on April 17th) will issue HTTPS warnings for all sites with SSL certificates issued by Symantec prior to June 1, 2016. 

The reason for Google distrusting Symantec certificates Symantec's history of issuing faulty certificates. 

The result: If your site has a Symantec SSL (HTTPS) certificate dated prior to June 1 2016, Google Chrome v66 will show a big hairy warning that your site in NOT SECURE.

More info: https://arkadiyt.com/2018/02/04/quantifying-untrusted-symantec-certificates/

Please login to comment.
Latest blogs
How to Merge Anonymous Carts When a Customer Logs In with Optimizely Commerce 14

In e-commerce, it is common for users to browse a site anonymously, adding items to their cart without creating an account. Later, when the user...

Francisco Quintanilla | Mar 27, 2023

How to Write an xUnit Test to Verify Unique Content Type Guids in Content Management

When developing an Optimizely CMS solution, it is important to ensure that each content type has a unique GUID. If two or more content types share...

Minesh Shah (Netcel) | Mar 27, 2023

Extend TinyMCE in Optimizely CMS 12

Since technologies are upgraded to newer versions the ways to extend or override the out-of-the-box functionality are also changed a little bit so...

Ravindra S. Rathore | Mar 27, 2023 | Syndicated blog

Telemetry correlation for Scheduled Jobs in Optimizely

I previously demonstrated how to correlate telemetry to Azure Application Insights within a Hangfire job. But how about those jobs that are built a...

Stefan Holm Olsen | Mar 23, 2023 | Syndicated blog