HTTPS - Protecting the integrity of your website with NoseyFox SEO

One of the first areas that needs to be addressed with your website is the safety of your visitors. A website that shows any signs of being unsecure or untrustworthy will immediately turn the user off…literally!

HTTPS was, up until recently, used on pages where sensitive information such as usernames, passwords and credit card information was being inputted. However, recent changes to Google Chrome (one of the most widely used browsers in the world) now means that any page on your website will soon show a NOT SECURE warning to the user. We recommend changing your browser to show all HTTP sites as NOT SECURE until Google automatically shows the warning. Below is an example of a non secure site and the two styles of warning messages.

Marks & Spencer unsecure website - should be using HTTPS

To enable the Not Secure warning simply visit chrome://flags/#mark-non-secure-as and select Always mark HTTP as activily dangerous

HTTPS helps prevent hackers or intruders from gaining access to information and communications between your website and your browser. Intruders can include malicious attackers and also companies who are legitimate, but target your website with intrusive adverts on your pages.

These intruders can find ways to exploit your unprotected communications and trick the user into providing confidential and sensitive information. They could also trick the user into installing seemingly safe software, which is actually disguised malware. Third parties could push adverts onto a website that potentially damages the user experience and also create various security vulnerabilities.

Don’t forget, hackers will look to exploit every possible unprotected resource, including images, scripts, cookies and HTML. You can become a victim of such action on the user’s machine, your Wi-Fi hotspot/router, your ISP and more!

INTRODUCING HTTPS PROTECTS YOUR USER

The introduction of HTTPS on your entire website prevents an intruder being able to gain access to any communications between your website and your user.

Hackers can easily spy on your site without HTTPS

A common misconception (and something that surprisingly many large organisations still think) is that only webpages or sites that handle sensitive information need to be HTTPS. It is simply not the case! It is possible for every HTTP request to reveal information about the user’s identity and behaviour.

LOOK FORWARD – THE FUTURE OF THE WEB IS HTTPS

As more and more tools become available and many users’ online habits become more frequent and more personal, it’s an absolute certainty that every single website should be protected by HTTPS. After all, the consumer has the ultimate power to decide if they use your site at all. Once they decide your site is unsecure and may compromise their safety, they will leave and probably never be back.

A SUPRISING NUMBER OF MAJOR BRANDS HAVE STILL NOT UPDATED TO HTTPS

At the beginning of December 2017, we made sure our Google Chrome browser was updated to the latest version (63.0.3239.84) and changed the Not Secure warning to mark all HTTP as activiely dangerous.

As many users’ machines will be defaulted to update automatically, it is fair to say the results of our research will be relevant to most Chrome users.

Starting with some of the most renowned brands in the UK, we were surprised with our results. Although many websites were clearly up to speed with the whole HTTPS issue, some others weren’t so on the ball and risked losing users and damaging their brand.

The following websites were still showing pages on HTTP, which resulted in a user warning. Our browser search bar lit up with a bright red warning message – NOT SECURE!