From January 2017, Chrome and Firefox started flagging all web pages that accept passwords or credit-card details and don’t use HTTPS as insecure.
This is an important change in browser behaviour. Previously, browsers only flagged pages as insecure when HTTPS itself is broken, for example, when a site’s certificate isn’t valid, or the site uses outdated encryption.
So what does this change mean for site owners and operators?
Following the recent update to Performance Analyser’s user interface, we have now upgraded to newer versions of Firefox and Chrome, as well as enabled support for HTTP/2 (read more about HTTP/2 and its web performance implications).
Would you like your website to be fast?
Would you like your website to be secure?
Or, to put it another way, would you like to have your cake and eat it?
Assuming your answer to each of these questions is yes, read on.