Google started showing a "Not Secure" warning in the address bar when users visit an HTTP website from the Chrome browser, version 68. This warning label appears anytime you visit an insecure webpage. It refers to the lack of security for the connection from your device to that webpage. Therefore, the information sent and received through that connection is unprotected and can potentially be read, modified, or stolen by hackers or entities with access to the internet infrastructure, e.g., Internet Service Providers or government agencies.
However, the "Not Secure" label does not indicate that your device or the website you are visiting is affected by malware. The purpose is to alert you that the connection is insecure, so you can protect yourself actively. In most cases, you can safely visit HTTP websites without worrying about anything as long as you do not enter sensitive information on that webpage. But when you want to enter sensitive information on any website, make sure it is fully secured.
The clear sign that a website is fully secured is the padlock symbol at the beginning of the website address. It indicates that the connection between your device and the webserver is fully encrypted with a TLS/SSL certificate.
What Should You Do When Seeing A "Not Secure" Warning In Google Chrome?
The "Not Secure" warning label does not require you to take any action. There is nothing bad about visiting websites without TLS/SSL encryption. However, be aware before entering your information on those websites. Without encryption, third parties can intercept the data while it is transmitting to the webserver. So we would never recommend filling login credentials and other critical details on unencrypted websites.
For Website Visitors
As a visitor, it is impossible to turn a website from unencrypted to encrypted without a proper HTTPS configuration. The only way to get it done is to obtain a TLS/SSL certificate, install it on the webserver, and then enable HTTPS on the website.
Once it is done, your Chrome browser can transmit the data more securely through an encrypted connection. This helps to protect your online privacy and identity theft.
If the "Not Secure" warning displays on the website you visit frequently, you can contact the website owner to suggest that they start supporting HTTPS. Besides, you can also try manually replacing HTTP by HTTPS in the website address as many websites may have a proper HTTPS setup but do not use it as the default address.
However, if you force a website to use the HTTPS protocol without a TLS/SSL certificate installed, your Chrome browser will display the following error message: Your connection is not private, including the error code: NET::ERR_CERT_COMMON_NAME_INVALID.
If you want to find out how does this error message look like on your web browser, you can visit this following website: https://testsslerror.bytebitebit.com. It is used for testing purpose only.
How To Enable Or Disable "Not Secure" Warning In Google Chrome
If you do not like this security warning, you can turn it off with a few simple steps.
The first step is to open the Google Chrome browser, then type chrome://flags in the address bar and press the Enter key.
Use the search box at the top to search for the "non-secure" word. Then change the value of the "Mark non-secure origins as non-secure" option to "Disabled" to turn off the "Not Secure" label. To turn it on again, you can choose the "Default" or "Enabled" option from the drop-down list.
After you finish the adjustment, click on the Relaunch Chrome button to restart the Chrome browser. From now on, Google Chrome should no longer alert you about "Not Secure" webpages.
For Website Owners
The "Not Secure" label shows on any webpage served over the insecure HTTP protocol. If you see this warning on the website you own, you should start supporting the HTTPS protocol. Using this protocol requires you to obtain an SSL certificate, install the certificate, and enable the HTTPS protocol on your webserver. You can either purchase an SSL certificate from SSL providers or get a free one from Let's Encrypt.
Depending on your needs, you will need to use different types of SSL certificates. For example, if you want to enable HTTPS on one domain, a Domain Validated Certificate (DV SSL) is the right one, but if you need to enable HTTPS on multiple domains, a Multi-Domain SSL Certificate (MDC) is required. To have a clear understanding of the types of SSL certificates, you can read this article.
All major web browsers always alert users about insecure webpages, not only Google Chrome. So it is important to support HTTPS to achieve both the security benefits and the optimal user experience. More importantly, Google has started to use HTTPS as a ranking signal on its search engine years ago. Therefore, you should start using HTTPS on your website right away, as there are many benefits that are waiting ahead.
Although the "Not Secure" label annoys some users, it is a great security feature in Google Chrome to help users check whether a webpage is secure. From our perspective, we would never recommend disabling this security warning, as you may not know which websites are safe. So it would be best if you kept it that way to protect your online privacy and prevent identity theft.
As a website owner, enabling the HTTPS protocol on your website is more important than ever. Most web browsers always alert visitors when your website does not use an HTTPS connection. You can lose their trust if you cannot prove that they are safe while visiting your website. So, alongside increasing the security of your website, the HTTPS protocol also helps to obtain the trust of users. Moreover, it may aid your website to get better results on the search engine.