contadores de paginas web Saltar al contenido

Google continues to take steps to mark all HTTP pages as "Not Secure"

cambios en chrome 62 y el http

The search giant continues its crusade towards a more secure network, in January Chrome began to show a Unsure on those pages that request passwords and credit cards under HTTP connections and have now announced their next step.

As of October 2017, the tag will be displayed on HTTP pages that request some type of data (not just for passwords and cards) and also when using the browser in incognito mode, the tag will always appear under HTTP.

The ultimate goal is that in some time all HTTP pages will carry the tag. These gradual steps that are being taken are not taken lightly and are based on research that has been done on user behavior, see Rethinking Connection Security Indicators.

Chrome is not the only browser that has taken steps in this direction, Firefox is also doing so with notices directly on forms that request passwords and cards:

It should be remembered that when browsing under HTTP the connections can be intercepted giving rise to various scenarios that compromise privacy. An attacker could, for example, capture the information entered or modify a page to their liking to change their advertising, inject malware or even change the information that users are currently viewing.

On the other hand, when the connection is made under HTTPS, all the information travels in encrypted form from the users' computers to the servers of a website or application, offering greater security and privacy. While it is true that even under HTTPS attacks can be carried out on connections, they are more complicated to carry out and administrators or webmasters can reinforce security with HSTS and HPKP policies.

Finally, comment that SSL certificates can now be obtained easily and free of charge, one of them is using Cloudflare although it has some limitations and the other free way is using Lets Encrypt, a certification authority that has the support of various companies including Google, Facebook, Mozilla, Akamai, among others.

At the SEO or search engine optimization level, a change to HTTPS is similar to a domain change and it is not a complicated thing to do. In general, if everything is done correctly, the positioning tends to stay the same.