Not Secure warning in web browsers

 

Overview

This article provides guidance on how to prevent a "not secure" warning in a browser.

Background

If your website does not have an SSL certificate configured, visitors see a "not secure" warning in their web browser. You can see this by clicking the warning icon in the URL bar to the left of your domain. When you click the warning icon, a message appears that informs you the connection to your site is not secure.

To avoid losing visitors and potential customers, you should make sure your website is using an SSL certificate. When an SSL certificate is enabled, all traffic within the domain is encrypted such as credit card information and passwords.

Even if your site does not handle sensitive data (such as credit card information or passwords), it will still be marked as 'insecure' by web browsers. Concerned visitors may then choose to choose to avoid your site.

How to resolve the warning

Depending on whether you're a website owner or a visitor, there are several ways to fix an insecure message that may appear in a browser. 

Website owners

Adding an SSL certificate to your site

To ensure your website traffic is not affected by an insecure warning, it's highly recommended that you add an SSL certificate to your website. DreamHost recommends adding either a free Let's Encrypt or paid professionally-signed certificate.

A self-signed certificate is not recommended, as it will still display a security warning in any browser.

Updating links to use HTTPS

If your website contains any HTTP links, a mixed-content warning appears. This occurs when an SSL certificate is added, but the links within the site are not updated. See this article to learn more about how to resolve mixed-content warnings on your site.

Adding security headers

HTTP headers pass information between a web browser and a website when it's visited. There are different types of headers you can add depending on the service you wish to implement. For example, you could add security headers to force your site to only load secure content. See this article for a list of security headers.

Website visitors

Clearing your browser's cookies and cache

It's possible that previously stored cookies and a full cache in your browser are causing a website to load old information. Clearing both may resolve this warning. See the following articles to learn more about how to clear your cookies and cache in popular browsers:

Fixing the date and time

SSL certificates have expiration dates. If your computer's date and time are incorrectly set, a website's SSL certificates may appear invalid and, therefore, display a security warning. See the following articles to learn more about how to set the date and time on your computer:

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?