2017 Google Security Changes: Avoiding “Not Secure” Warning

by Noa Shavit

Each time Google modifies its policy or algorithm, website owners must reevaluate their strategy for distribution and search or risk losing search ranking and organic traffic.

2017 brought a number of changes to Google’s online security policy. These website restrictions have rolled out gradually, giving website owners time to adapt to the internet giant’s overall plan to secure the web. The direction is clear: Google is moving towards enforcing a secure internet. Website owners need to take action, or risk the repercussions.

Here are the two main security changes that caught our eye this year, and what you need to do to address them.

“Not Secure” Warning on HTTP pages with text fields: October 2017

Coming this October, Google Chrome will explicitly label any HTTP web page containing a text input field (such as a search bar) as “Not Secure”. Consumers will see a “Not Secure” warning and icon in the address bar when an unsecured (HTTP) web page that collects data loads. Consumers will also see a “Not Secure” warning on any web page they browse to in incognito mode.

This is not the first security restriction the internet giant introduced this year, with the overall goal of making the internet more secure. In fact, Google announced they plan to ultimately label every HTTP web page as “Not Secure”, and strengthen the alert displayed to consumers when they land on an unsecured page.

Not secure alert

Image Source: Google Security Blog

What you need to do

If you do not have an SSL certificate for your website, contact your webmaster or hosting service to obtain one. Without this certificate you will not be able to obtain a secure (HTTPS) domain.

Keep in mind that Google sees secured and unsecured domains as two separate entities, so this transition is essentially a site move. Site migrations have repercussions, and steps need to be taken to avoid losing search traffic and ranking. Here are Google’s own recommendations for this process.

“Not Secure” Warning on HTTP pages that collect Credit Card or Password information: January 2017

In January, Chrome began to display “Not Secure” warnings on unsecured pages containing credit card or password input fields.

Chrome security changes

Image Source: Google Security Blog

What you need to do

If you do not have a secure domain and collect sensitive information, your website visitors see the warning message above. Google flags pages as unsecured based on the URL scheme (HTTP or HTTPS in the browser address bar).

This means that even if your checkout is HTTPS secured, Google may still display a warning if the rest of your site is on an unsecured (HTTP) domain. For example, Xola’s checkout adheres to the highest level of internet security (PCI-compliant, 256-bit encrypted, and Norton Security compliant), but your visitors might still see a Chrome warning message if your website is on an unsecured domain. Your customers’ data is always safe, but this warning message might be enough to deter some skeptical buyers. To fix this, contact your webmaster or domain parking service to obtain an SSL certificate and migrate your site to a secure domain.
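One way to find the pages that need attention before migrating: the sketch below (an added example, not code from Xola or Google) applies the two rules described above to a page's URL and HTML. The field heuristics (the `TEXT_TYPES` list and `autocomplete="cc-*"` for card fields) and the sample pages are assumptions; Chrome's own detection may differ.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Input types treated as free-text fields (assumption for this sketch).
TEXT_TYPES = {"text", "search", "email", "tel", "url", "number"}

class _FieldScanner(HTMLParser):
    """Collects which kinds of data-entry fields a page contains."""
    def __init__(self):
        super().__init__()
        self.sensitive = False   # password or credit card field seen
        self.text = False        # any other text-entry field seen

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "textarea":
            self.text = True
        elif tag == "input":
            kind = a.get("type", "text")   # HTML default type is "text"
            # Assumption: card fields are marked with autocomplete="cc-*".
            if kind == "password" or a.get("autocomplete", "").startswith("cc-"):
                self.sensitive = True
            elif kind in TEXT_TYPES:
                self.text = True

def classify(url, html):
    """Return which of the article's two warnings applies to a page, if any."""
    if urlsplit(url).scheme.lower() == "https":
        return "ok"
    scanner = _FieldScanner()
    scanner.feed(html)
    if scanner.sensitive:
        return "warn-since-january-2017"
    if scanner.text:
        return "warn-from-october-2017"
    return "no-form-warning-yet"   # still HTTP; planned to be labelled eventually

# Constructed sample pages (example.com placeholders, not real site content).
SAMPLES = {
    "http://example.com/": '<form><input name="q" type="search"></form>',
    "http://example.com/login": '<input type="email"><input type="password">',
    "http://example.com/pay": '<input autocomplete="cc-number">',
    "http://example.com/about": "<p>About us</p>",
    "https://example.com/checkout": '<input type="password">',
}

def audit(pages):
    return {url: classify(url, html) for url, html in pages.items()}

if __name__ == "__main__":
    for url, verdict in audit(SAMPLES).items():
        print(f"{verdict:26} {url}")
```

Feed it the HTML of each page from your own crawl or sitemap; anything not reported as `ok` is still served over HTTP and belongs on the migration list.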


Google is trying to ensure a more secure internet by warning consumers against entering information into unsecured web pages and ultimately flagging entire websites as “Not Secure” if they are not hosted on a secure domain. And when Google changes something, website owners feel the effect. We highly recommend you take action and obtain an SSL certificate for your website before the Chrome 62 rollout this October.