are you using Chrome 68?

Looking for advice on new Chrome ‘Not Secure’ issue [webmasterworld.com]

I see it a lot on both Chrome 67 desktop and Chrome 67 mobile.

It makes no difference whether there is a form or input field on the page, if they are not secure, I see a full page warning with that red triangle that stops me from accessing the page.

To proceed I must click "advanced" and agree to assume the risk. Of course I never do.

At some point, it would make sense for Google to just remove all unsecure pages from the index.

[edited by: not2easy at 4:45 am (utc) on Jul 6, 2018]
[edit reason] OP request [/edit]

It will look ugly, no matter how pretty. :)

G is forcing the web to https ... get on board!

(Should be there already, it is time for the next step)

I wish I could see one

Yes, me too. The Mac version is running a little behind, so we’re still on 67. (To what extent does Chrome yap at you about upgrading? I certainly see plenty of Chrome/66 and /67 from Windows users in recent days.)

I wish I could see one

Just go to any secure site that uses "www" as a sub-domain placeholder (even this site.) Go up to the address bar and replace the "www" with something else, like "foo"

Voila!

The Mac version is running a little behind, so we’re still on 67

You should see the warnings in Chrome 67 as well.

You should see the warnings in Chrome 67 as well.

Nope, nothing, not even when I tried the Contact form. If I click the tiny little (i) I see the angry red This site is not secure, but that's nothing new.

Datestamp on Chrome 67 is 11 June but I don't know if that's when I downloaded it or the actual version release date. (I don't use Chrome much.)

Don't know why Mac would be behind the Windows version for this.

Did you try my suggestion about going to a secured page and changing the "www" to something else? This is the promised warning from Google.

I don't use Chrome much

That always puzzled me coming from members here. Chrome is by far the most widely used web browser, especially mobile. I would think people who consider themselves web professionals would want to see the web as most of their users do.

With Chrome leading the others as far as these warnings, I would think it would be even more important.

That always puzzled me coming from members here. Chrome is by far the most widely used web browser, especially mobile. I would think people who consider themselves web professionals would want to see the web as most of their users do.

10+ years ago the same could be said abut IE (excepting the aside about mobile)

I would think people who consider themselves web professionals would want to see the web as most of their users do.

i agree and if you really don't want to use google chrome for whatever reason, then something like Vivaldi (and others) would be just as good as they are effectively chrome minus google.

All true, but the safety warnings preventing the display of unsecure content is by the Chrome browser.

If your content is in this category, the majority of users may be scared away. That's pretty significant.

going to a secured page and changing the "www" to something else

Oh, yes indeed, that works--but who would ever do the equivalent in real life? It requires a combination of three things:
-- request uses HTTPS protocol
-- site allows wild-card subdomains
-- site's security certificate covers only www

That's a far cry from preventing all access to non-secure sites. I can't remember* a browser that didn't kick up a fuss if there was something wrong with a site's security certificate.


* One reason I finally stopped using Camino is that they no longer updated their certificate records, so they'd claim a site was insecure when in fact it was perfectly fine.

Oh, yes indeed, that works--but who would ever do the equivalent in real life?

lucy24 - I think you may be missing the point here.

I only suggested you view the warning in that manner because I know it works and it is an example of what the warning looks like.

Earlier you said:

I wish I could see one

So there it is.

I think you may be missing the point here.

I think so too, because the issue for me isn't what the warning looks like, but under what circumstances it would be seen by an ordinary human who wasn't intentionally trying to invoke it. And that's what I haven't found yet.

under what circumstances it would be seen by an ordinary human

I think that was answered

It makes no difference whether there is a form or input field on the page, if they are not secure, I see a full page warning with that red triangle that stops me from accessing the page. To proceed I must click "advanced" and agree to assume the risk.

Of course I am no "ordinary human."

I think the question is what “not secure” means. So far it only seems to mean “claims to be secure but isn’t” (HTTPS protocol in conjunction with invalid or nonexistent certificate), which is a very small subcategory of “not secure”.

So far [not secure] only seems to mean “claims to be secure but isn’t”

The warning displays in several circumstances:

• The most prominent being when the site uses the HTTP protocol.

Other circumstances where the Chrome browser possibly* may display the red triangle and stop the user from continuing:

• Where the security certificate is not assigned to the page.

• Where the security certificate is invalid

• Where there are unsecure elements within a secure page, example: HTTP paths to scripts, forms or 3rd party objects & plugins.

* we're still discovering this.

A stable version of Chrome 68 is due to be released on July 24.
[chromestatus.com...]