Do you have sites using http rather than https for forms?

[MichaelCorfman]

This past Monday, 17 August 2020, Google made the following post in its Chromium Blog: Protecting Google Chrome users from insecure forms.

The next version of Chrome is M86, and is expected to be coming out in Beta September 3rd to 10th and to have a stable release on October 6th as reported here: Chrome Platform Status.

The announcement makes the following statements:

Chrome will be making the following changes to communicate the risks associated with mixed form submission:

• Autofill will be disabled on mixed forms.
  Note: On mixed forms with login and password prompts, Chrome’s password manager will continue to work. Chrome’s password manager helps users input unique passwords, and it is safer to use unique passwords even on forms that are submitted insecurely, than to reuse passwords.
• When a user begins filling out a mixed form, they will see warning text alerting them that the form is not secure.
• If a user tries to submit a mixed form, they will see a full page warning alerting them of the potential risk and confirming if they’d like to submit anyway.

If you are unsure whether you have mixed content on a site of yours the following tool will crawl your site and let you know:

MissingPadlock.com/

For this weeks poll I ask if you have sites using http rather than https for forms. If you do, then user interaction with your site will take a turn for the worse, at least for users of the latest version of Chrome, in October. Please share your thoughts about the change, and if you plan any changes based on this new announcement by Google.

For my part, I can say that we decided a few weeks ago that we were going to be actively converting all of the sites we had not yet converted to https over the course of the next month. I'm certainly glad we made that decision already given this latest announcement. That will, of course, include the GPWA website, for those of you who have been patiently waiting for that change. It is one of only a couple sites of ours that currently makes extensive use of forms that are not served using https.

Michael

[allfreechips]

Everything should be https by this time

[trickywinger94]

https is a basic requirement nowadays, having 'Not Secure' showing up in the top left of the browser can be off putting for website visitors.

[drifter8]

Https is a must nowadays.

[golfbettingsystem]

Switched to Https a while back, debatable how beneficial it is for a non-transactional website other than the aesthetic appearance of ‘security’ but, hey, tell us how we need to jump and we’ll all do it!

[casinoportal]

It's so quick and simple to setup https these days that there really is no excuse for sites that are not using it. I don't even bother paying anymore, I use Lets Encrypt which is free and used by millions of websites.

[golfbettingsystem]

It's so quick and simple to setup https these days that there really is no excuse for sites that are not using it. I don't even bother paying anymore, I use Lets Encrypt which is free and used by millions of websites.

Yeah, get the auto renewal sorted on Let’s Encrypt and you can forget all about it.

[Cash Bonus]

None of my sites use any forms, but https is certainly important to have.

[Casino Gamerz]

theres nothing worse than landing on any site that doesnt show an SSL certificate

[Nenad]

I believe that https is a must, forms or no forms.

[EPLvip]

https all the way for me

[ocreditor]

https is the standard now by all means

[baldidiot]

Switched to Https a while back, debatable how beneficial it is for a non-transactional website other than the aesthetic appearance of ‘security’ but, hey, tell us how we need to jump and we’ll all do it!

Yeah exactly. We have some old static html sites with no forms etc.. makes no sense to me to have to have an SSL certificate for these but we shall dance as the master demands!

[baldidiot]

theres nothing worse than landing on any site that doesnt show an SSL certificate

I could think of a few things worse than that... an escaped serial killer breaking into your house and doing an at home version of ‘face off’, for example.

[Christiaan]

Most of my websites have https on every page. It is so easy and it looks much better to visitors to have a safe lock then having warnings that it might not be secure.
Some of my old websites that I haven't touched in years might still have normal http.

[tufty]

This thread is an anachronism. Of course every website should have it. All my sites have it, even the redundant ones. It is free (Lets Encrypt) and takes between one second and five minutes, depending on how your site is hosted. GPWA should try it during a coffee break.

[Former Member 14]

That will, of course, include the GPWA website, for those of you who have been patiently waiting for that change.

Not sure patiently is the right choice of word, given, a number of members (myself included) have been requesting the GPWA to change to SSL for the past few years. Each time we're fobbed off with some lame excuse.

Now with the latest Google/Chrome info, which will likely affect the GPWA (bottom line $'s), miraculously all stops are being pulled out to ensure the site is changed from non secured http to secure https...

Better late than never

[Former Member 14]

None of my sites use any forms, but https is certainly important to have.

I notice your site doesn't have https, so it's less important for you to have it, huh!
Also notice it's not mobile optimized either. But that's a moot point, I guess.

[onlinecasino-daigaku]

Most of the addresses of the sites I have are https. In the case of sites created in the past, some sites remain as http, but some sites have been converted to https and the ranking has dropped, so some sites have not changed from http.

[artrust99]

HTTPs of course. I did some test, and after switching from HTTP to HTTPs it give positive results in ranking for low competitive words