Chrome now marks HTTP pages as “Not Secure” if they have password or credit card fields. Beginning from October 2017, Chrome is showing the not secure warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode. The notifications were sent to webmasters via Google Search Console. Sites that are HTTP and have credit card fields and require passwords are already marked as not secure.
Google noted that recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not Secure” warning. It’s Google’s first wave of security changes to convert webmasters to encrypted HTTPS target pages that ask for login data or credit card information.
Have forms, login fields and other input sections on your HTTP website? Chrome is going to mark them as not secure.
Use HTTPS everywhere
HTTPS is designed to protect the integrity and the confidentiality of data. Chrome is showing a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields. You should plan to migrate your site to use HTTPS for all pages. Emily Schechter from the Google Chrome Security Team said more actions should be expected in future, remarking, Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. So If your site is currently a HTTP domain, you need to migrate to HTTPs to avoid your web traffic being warned off visiting a site. Converts from HTTP to HTTPS may see temporary fluctuations in their site rankings.
This post is intended to aid Web Developers in updating their sites to avoid this warning.