Skip to content

If Google says a website isn’t secure, what does it really mean?

  • by
  • 4 min read

Ever come across a website that your browser reports as unsecured? Browsers have different methods of reporting a site as unsecure. Google Chrome, for example, shows a padlock before the URL of a secure website. Firefox and Safari employ similar measures to indicate that the website that you’re visiting is secure.


What does the padlock mean?

The padlock means that the website you’re visiting is secure. What does secure mean here? Well, secure means that the website has a security certificate (SSL/TLS) issued by a recognised and trustworthy authority.

If Google says a website isn't secure, what does it really mean?

Whenever you visit a website, Chrome (or whichever browser you use) expects an HTTPS prefix before the URL. If the browser doesn’t detect that, it indicates that the site lacks an SSL or TLS certificate and is unsafe to visit.

In this case, you are susceptible to phishing and data theft attacks. Any information exchanged between your device and the server can be intercepted and hijacked. An example would be a man-in-the-middle attack, hijacking data between two online machines.

The padlock also ensures you’re visiting a genuine website, not a fake one designed to phish your data potentially. Duplicate pages of common sites don’t have security certifications and can be detected by browsers.

Also read: Xiaomi Browser is vulnerable to ‘Man-in-the-Disk’ attack


Should you heed the warning?

This warning will show up on any unencrypted website on the internet. What should you do if that happens? The answer to this question depends on what you’re visiting the website for.

If Google says a website isn't secure, what does it really mean?

Remember that the data transferred between your device and this website can be intercepted. Even if the website has no evil intentions with your data, it’s still at risk of being intercepted. So it’s recommended that you do not share your credit/debit card details on a website without a security certificate.

Security certificates are expensive to get and require thorough verification and frequent renewals. Not everybody who’s running a website on the internet is going to get one. There can be many reasons for that. You don’t need a security certificate if you’re running just a personal blog.

Note: ‘http://’ prefix means that the website doesn’t have a security certificate while ‘https://’ means they do.

This can, however, lower your website’s stats as the people visiting might see a warning page telling them the website isn’t secure. This may sound unfair, but Google’s decision to make HTTPS mandatory means that even smaller websites take care of your data.


When can the warning be bypassed?

You can easily bypass the security warning if you’re visiting a personal blog or something similar. You can avoid Google’s warning if you do not enter sensitive information on the website.

That said, you still need to be careful of your actions on the website. Just because you aren’t giving away your data to the website doesn’t mean you can’t be compromised. Any malicious downloads and pop-ups can still release a malicious script or software on your device.

If you’re confused, it’s always advisable not to visit the website. It’s always better to search elsewhere instead of risking your security. It’s the world wide web, after all.

Browse safely!

Also read: Why is Cyber Security important? 5 tips to protect yourself

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>