August 18, 2017

Chrome and HTTPS: 40% of IR100 Retailers Not Ready for New “Not Secure” Warnings in October

Google is famous for announcing important technical news without fanfare. Last night was no exception when it sent a message through the Google Search Console that websites not using HTTPS will be subject to new “not secure” warnings starting in October. For online retailers these “not secure” warnings could scare away shoppers and negatively impact conversion.

Google has been preparing site owners for a few years now that HTTPS is very important and that it would like to see all sites transitioned to the secure protocol as soon as possible. The company started with the carrot that secure sites would rank higher than non-secure sites. Just how much that counts in the algorithm today is unclear and that could be contributing to a slow transition among retailers.

Despite Google’s steady drumbeat of announcements related to HTTPS, our research shows that over 40% of the Internet Retailer 100 has still not transitioned to the secure protocol. Google’s latest announcement is in the form of two new “not secure” warnings that will be shown starting in October 2017. One will be seen when entering text into forms on HTTP pages and the second will be seen in all incognito pages.

Chrome HTTPS Not Secure Warnings

HTTPS Chrome | Retailers Not Ready

This is not good timing with the holidays approaching. Although shoppers won’t be prevented from typing into forms on non-secure pages, the new “not secure” messages will be shown just as the holiday season starts to ramp up. Online shoppers may be more skittish about entering their information since Chrome is used by about 54% of Internet users.

How will this impact conversion?

Chrome’s new warnings should concern any retailer that hasn’t made the switch yet to encrypting all pages via HTTPS. Shoppers will now see the “not secure” warnings each time they engage a template oriented object, like site search boxes and other common input forms, including email signup, account sign-in, store locator forms, adding product reviews, even initiating online conversations with customer service.Chrome to have new warnings on non-https pages.

Chrome has over 54% market share meaning these new ‘Not Secure’ warnings could dramatically hurt conversion on desktop and mobile websites. Mobile on-site search is an area of particular concern as one study found that mobile search bar users convert 2x higher compared to non-users. Not secure warnings seen from mobile websites could even negatively impact store traffic and sales if mobile consumers are reluctant to use store locator features.

Why haven’t all retailers moved to HTTPS?

Full HTTPS migration for large-scale sites can be very complex, requiring senior technical resources as well as significant effort and time to achieve successful implementation. Migrating a typical retail site for example involves a series of complex, interdependent steps, including:

  • Enabling all platform assets – every product image file, every script, every style sheet, and even vendor-hosted files – to be publicly accessible from secure HTTPS URLs.
  • Updating every web page’s HTML code to reference the HTTPS URLs for each browser-loaded page asset (ideally doing so without introducing added latency, or harming page load speed).
  • Successfully redirecting all incoming HTTP page requests for department-level, category and subcategory pages, and product level pages to their corresponding HTTPS URL version, which for big retailers, means millions of pages.

E-commerce teams typically have a long list of technical projects and migration to HTTPS is likely on the priority list of every retailer. Projects often get pushed down the list, however, when the ROI of a project is not easily calculated.

In October, that equation may become more clear for those retailers that haven’t made the switch.

Submit a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.