http:// on Chrome & Firefox
If your website is a Straightsell template version 11B or earlier you may have noticed the following warnings in the Chrome and Firefox browser:
Google Chrome:
Mozilla Firefox:
This is due to recent changes Google and Mozilla have made to their internet browser security messaging, more information can be found in the links below. In summary, when a credit card or password field exists in the page, Chrome and Firefox code checks whether the page is served via a secure connection (via https://). If the page is not served by a secure connection, then Chrome and Firefox advise the user that the page is 'Not Secure', or a grey lock icon with a red line through it ().
Google Chrome:
Table of Contents |
---|
Recently you or your customers may have noticed an increase in “not secure” messages being displayed on parts of your Straightsell website. This article aims to help you understand what these messages are, why these messages are being displayed and what Straightsell are doing about them.
What do HTTP and HTTPS mean?
HTTP is the protocol used to transfer a websites data from one computer (the web server) to another (your web browser) over the Internet.
HTTPS is a secure or encrypted version of this protocol; Where the transfer of website data from one computer (the web server) to another (your web browser) over the Internet, is secure or encrypted and private. In order for a website’s data to be available via HTTPS, something called an “SSL certificate” which is provided by a 3rd party company called a Certificate Authority, needs to be purchased and installed on your web server. This certificate is used as a form of ID, for you to check and prove the website you are visiting is the real website you were expecting to visit, and not a fake one set up by hackers.
Why do parts of my website display as not secure?
Your website’s security has not changed recently, but the messages about security displayed in your web browser has. Specifically, Google Chrome is reporting “not secure” messages on any non-HTTPS page, whilst Mozilla Firefox reports the message on a HTTP page where a “password” field exists. This may be your home page if you have a login bar, a separate login page or your registration page.
Additionally, this message will be displayed on all HTTP pages where Credit Card information is entered, although this is not relevant as your Straightsell website Credit Card entry page is already served via HTTPS, and is secure, encrypted and private.
This “not secure” messaging varies across both browsers, see the following links and screenshots for more information:
Google Chrome™:
- https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
- https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
- https://blog.chromium.org/2018/02/a-secure-web-is-here-to-stay.html
Mozilla Firefox®:
IMPORTANT NOTES:
- All website template versions serve the credit card entry page via a secure connection on https://, so importantly this messaging does not apply.
- Today, it is not possible to provide site-wide https:// (or to serve all website pages on a secure connection via https://).
- We can make specific pages of your website be served via a secure connection on https://. There is a once off charge for this work, please let us know if this is something you would like quoted. The change we would make to your website is outlined below.
How we would modify your Straightsell Website
These screenshots have been taken from our most recent Straightsell Template (11C), where the website pages that contain Username or Password fields are all served via a secure connection via https://.
In addition to securing the pages specified below, performing this work means that when browsing non-https:// pages of your website pages will NOT appear:
- As 'Not secure' in the address bar of Chrome, and
- With a grey lock icon with a red line through it () in Firefox.
Below you can see how our these latest website templates differs from what can be seen in the screenshots above:
Google Chrome:
Mozilla Firefox:
NOTE: We aim to be able to offer full https:// of Straightsell websites within the next 12 months
Why is this message being displayed?
This browser messaging is becoming more pronounced because Google and Mozilla, the creators of the Chrome and Firefox browsers respectively, are pushing for more websites to be secure, encrypted and private and thus make the web a safer place. This is a great thing for users, but is not without challenges for website developers and hosting providers, particularly those that host eCommerce websites such as Straightsell.
What is Straightsell doing about this?
We are aware of these changes and are now able to offer full site HTTPS, which will serve every page of your website securely with encryption.
If you would like more information
...
- If you have an account and have forgotten your password you can request a password reset.
- If you do not have an account and need one set up for you, get in touch with us at support@straightsell.com.au and we will get back to you as soon as we can.
...
hidden | true |
---|
...
on having full site HTTPS put in place on your current website, please log a service request in the Straightsell Help Centre and we will be in touch.