Coming July 2018: Google Chrome’s “Not Secure” Label, Are You Prepared?

Last updated on by Ted Vrountas in Conversion Optimization, Marketing Agency Tips

Earning conversions, generating leads, winning customers — they’re all dependant upon one thing: trust. Without it, you don’t stand a chance.

On your landing pages, trust indicators are subtle and powerful. Testimonials, badges, and HTTPS protocol are just a few things your prospects will look for before they consider trading their sensitive personal information for your offer.

And starting in July, without one of those trust indicators, your conversion rate could majorly plummet when Google Chrome marks all pages without HTTPS as “not secure.”

Google Chrome: “Not Secure”

In a recent blog post, Google Chrome Product Security Manager, Emily Schechter, said that informing users of unsecure web pages is something Google’s been gradually pursuing:

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure.” Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure.”

Currently, a neutral indicator is displayed for sites using HTTP, but come July, will appear like this at the top of all web pages that don’t use HTTPS protocol:

This kind of indicator isn’t completely new, as Chrome began marking web pages last year as “not secure” when they requested sensitive information like password and credit card without HTTPS:

And just two years ago, a report from Google showed that 79 of the web’s top 100 sites still didn’t use HTTPS.

Fortunately, according to Schechter, the web has since made tremendous progress toward more security:

Still, 1 in 5 of the web’s top sites don’t use HTTPS. And when you consider the consequences of not doing so, it’s easy to see why Google’s chosen to flag sites that aren’t secure.

What is HTTPS encryption and how does it work?

Websites using HTTP leave visitors open to attack. Before a web page loads in a browser window, malicious third parties can view or manipulate its content to steal personal information.

With HTTPS, however, there’s an added step to the process: First, a browser will request an SSL certificate (“secure sockets layer”) — the web standard security technology for establishing encrypted connections online — from the web page.

If that page can provide one, a secure connection is established, and the user is directed to the web page. The ensuing session is encrypted and data can be more safely transferred.

If that website can’t provide the SSL certificate, a secure connection isn’t established. These are instances in which Chrome, the web browser of choice for more than half of all internet users, will notify visitors with a “not secure” label.

What this means for landing page creators

In many industries, marketers are required to adhere to security and privacy standards like PCI-DSS and HIPAA to collect information and run transactions.

However, this new change from Google doesn’t simply impact businesses in those sectors, but all website owners that don’t use HTTPS protocol. Specifically, the “not secure” label will hit landing pages using HTTP harder than all others, since these are pages designed solely for the purpose of capturing visitor information.

Web users may not glance up at the address bar of a blog or a homepage to determine if it’s safe, but they’ll certainly look for that security indicator on a landing page. So how do you make sure your visitors and your landing page conversion rates are safe?

How to combat the “not secure” label

Simply, beating Google Chrome’s “not secure” label comes down to using HTTPS — requesting certificates to ensure that all data transfer is safe as can be.

For developers and the code-savvy, Google’s open source Lighthouse tool can help make web pages more secure with audits and self-help instructions.

For landing page creators who don’t know much about the back-end operations of a web page, avoiding Chrome’s “not secure” label is as easy as signing up for a Core, Optimizer, or Team & Agency plan with Instapage.

Unlike the original Instapage plans, these come with SSL certificates built in, which means…

And on top of all that, you’ll have the newest tools for boosting conversion rate, packed into the most robust post-click optimization platform on the web. Those include:

Don’t let HTTP kill your conversion rate

While many users have updated to our newer plans and have access to all these features and more, some are still on the original Instapage plans. Starting in August 2018, all users will have to update to one of our new plans.

Keep in mind, any Instapage legacy user that hasn’t updated by July will receive a “not secure” label from Google Chrome on their landing pages. So if you want to avoid the potential negative effect on your conversion rate, it’s best to upgrade sooner rather than later.

Get access to all the above features, and avoid Google’s “not secure” label by upgrading to one of the new Core, Optimizer, or Team & Agency plans.