Carnegie Mellon University

CMU Web

Marketing & Communications with Computing Services

September 26, 2017

Chrome to Label HTTP Web Pages as Not Secure

Google announced that starting in October 2017, the Chrome web browser will consider web pages using URLs that begin with HTTP (rather than HTTPS) to be non-secure if website visitors have the option of entering information onto the web page (such as submitting information through an online form or search box). As a result, website visitors may receive a message from the Chrome web browser that the web page is “Not Secure”.

To prevent website visitors from receiving this message and to ensure the security of official university websites, all web pages on the www.cmu.edu domain will begin using secure (HTTPS) URLs beginning October 10, 2017.

WHAT THIS MEANS FOR YOU
If you manage a CMS or AWPS website, review your site for external and absolute links to non-secure content that may generate browser warnings on a secure page. This may include:

  • Embedded media such as YouTube videos, Google calendars, Flickr albums, Wufoo forms and Twitter feeds
  • JavaScript, CSS, or other independent files using absolute/full URLs
  • iframes or other methods of displaying third-party content on a web page
  • Mailto web forms that redirect to a Thank You or Response page when referenced in the form with the full page URL

In many cases, changing the URL of the items above to use a secure URL (HTTPS) will prevent the browser warning. Be sure to re-publish pages where this change is made.

You DO NOT need to change links that take website visitors to a page within your site or to an external site. These will continue to remain functional without displaying the “Not Secure” message.

Please direct any questions or comments to the Computing Services Help Center at 412-268-4357 (HELP) or it-help@cmu.edu