Google Chrome and Firefox highlight unencrypted websites

05 April 2017

Google and Mozilla are on a mission! Back in 2015, the companies behind the Chrome and Firefox web browsers came to the conclusion that all traffic through all websites should be encrypted.

Recent changes to their web browsers move them a step closer to that goal.

Background

Data sent to and from an encrypted page cannot be read by anyone intercepting the data en route, whereas data sent to and from unencrypted web pages can. An encrypted web page is usually identified by a padlock in the address bar:

Traditionally, encryption was always restricted to those web pages exchanging sensitive information (such as user id and password or credit card details); this was largely due to the fact that the overhead of encrypting and decrypting data slowed everything down too much. The conclusion reached by Google and Mozilla was that, with today's better CPUs, this was not as strong an argument as it used to be and that best practice would be for all pages to be encrypted, regardless of whether they are sending sensitive information.

Unfortunately, making every page on a website encrypted is not as easy as changing a configuration option on the server - every page needs checking to make sure that it doesn't try to load any assets (image, stylesheet, script, etc.) in an unencrypted manner. If it does, you will see the dreaded browser warnings about mixed secure and non-secure content.
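One way to carry out the per-page check described above, as an added example (not code from the original article): a Python scanner that lists the assets a page still requests over plain `http://`. The `LOADERS` table, the function names and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# (tag, attribute) pairs that fetch an asset; illustrative, not exhaustive.
LOADERS = {
    ("script", "src"): "script", ("link", "href"): "stylesheet",
    ("iframe", "src"): "frame", ("img", "src"): "image",
    ("audio", "src"): "media", ("video", "src"): "media",
}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

class MixedContentScanner(HTMLParser):
    """Collect assets an HTTPS page would still request over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, kind, url)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {name: (value or "") for name, value in attrs}
        # Inline CSS can load images too, e.g. background: url(...)
        for url in CSS_URL.findall(attrs.get("style", "")):
            self.findings.append((line, "css-url", url))
        for (loader_tag, attr), kind in LOADERS.items():
            url = attrs.get(attr, "").strip()
            if loader_tag != tag or not url.lower().startswith("http://"):
                continue  # https://, //host/... and relative URLs are fine
            if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
                continue  # rel=canonical and similar are references, not loads
            self.findings.append((line, kind, url))

def scan(html):
    """Return (line, kind, url) for every asset loaded over plain HTTP."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<link rel="stylesheet" href="http://static.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.com/lib.js"></script>
<img src="http://www.example.com/uploads/banner.jpg">
<div style="background: url('http://www.example.com/bg.png')"></div>
<a href="http://www.example.com/about">About</a>
<img src="/images/logo.png">"""

if __name__ == "__main__":
    for line, kind, url in scan(SAMPLE):
        print(f"line {line}: {kind} loaded insecurely: {url}")
```

Ordinary links (`<a href>`) and canonical references are deliberately not reported, because following or declaring an `http://` URL does not load an asset into the encrypted page.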

How do Google & Mozilla intend to persuade website owners to encrypt their websites?

With recent updates to both Chrome and Firefox, websites that do not use encryption throughout now show a grey exclamation mark where the padlock would normally appear. Clicking on the exclamation mark shows a message warning you that the site is not encrypted:

We expect future updates to the browsers will strengthen this message!

Do I have to do anything if my website shows this exclamation mark?

The simple answer is no - we believe that currently so many high-profile websites still do not encrypt every page that most users are so used to the exclamation mark that it is seen as normal.

In addition to the BBC website used in the example above, other examples of well-known websites that show an exclamation mark in Chrome and Firefox include:

The more complicated answer is that encrypting your entire website is now considered best practice and all new websites built by axisfirst since Spring 2016 have been designed to operate in this mode. We also expect that browsers will, at some point in the future, start displaying messages that are more obviously a warning and less just for information. Google also announced that it will give some preference to encrypted sites in its search results. How much preference is, as always, a closely guarded secret but it is generally believed that it is a smaller contributory factor to search engine optimisation than having a mobile-friendly website.

Retro-fitting this mode of operation to an existing website may be straightforward but may not - depending on its age and a number of factors such as how images have been added via the Content Management System (CMS). If you would like to address this with your website, please contact your account manager or the Web Support team.
