Not Secure Warnings in Chrome & Firefox Browsers

Recently you or your customers may have noticed an increase in “not secure” messages being displayed on parts of your Straightsell website. This article aims to help you understand what these messages are, why these messages are being displayed and what Straightsell are doing about them.

What do HTTP and HTTPS mean?

HTTP is the protocol used to transfer a websites data from one computer (the web server) to another (your web browser) over the Internet.

HTTPS is a secure or encrypted version of this protocol; Where the transfer of website data from one computer (the web server) to another (your web browser) over the Internet, is secure or encrypted and private. In order for a website’s data to be available via HTTPS, something called an “SSL certificate” which is provided by a 3^rd party company called a Certificate Authority, needs to be purchased and installed on your web server. This certificate is used as a form of ID, for you to check and prove the website you are visiting is the real website you were expecting to visit, and not a fake one set up by hackers.

Why do parts of my website display as not secure?

Your website’s security has not changed recently, but the messages about security displayed in your web browser has. Specifically, Google Chrome is reporting “not secure” messages on any non-HTTPS page, whilst Mozilla Firefox reports the message on a HTTP page where a “password” field exists. This may be your home page if you have a login bar, a separate login page or your registration page.

Additionally, this message will be displayed on all HTTP pages where Credit Card information is entered, although this is not relevant as your Straightsell website Credit Card entry page is already served via HTTPS, and is secure, encrypted and private.

This “not secure” messaging varies across both browsers, see the following links and screenshots for more information:

Google Chrome™: 

• https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
• https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
• https://blog.chromium.org/2018/02/a-secure-web-is-here-to-stay.html 

Mozilla Firefox®:

• https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/

Why is this message being displayed?

This browser messaging is becoming more pronounced because Google and Mozilla, the creators of the Chrome and Firefox browsers respectively, are pushing for more websites to be secure, encrypted and private and thus make the web a safer place. This is a great thing for users, but is not without challenges for website developers and hosting providers, particularly those that host eCommerce websites such as Straightsell.

What is Straightsell doing about this?

We are aware of these changes and are now able to offer full site HTTPS, which will serve every page of your website securely with encryption.

If you would like more information on having full site HTTPS put in place on your current website, please log a service request in the Straightsell Help Centre and we will be in touch.