The Impending HTTPstrophe — And What it Means for Local Businesses

Share this:

In this regular Street Fight feature, local marketing gurus David Mihm and Mike Blumenthal kick around some of the biggest ideas affecting the local search ecosystem and the broader industry. Send us an email or leave a comment if you have specific topics that you’d like them to touch on in future columns!

Mike: We are in the “wilds” of Minnesota at a GetFiveStars team meeting. Went out last night at 3 am and listened to the owls. Hope you are finding as much peace in Portland. I guess we will see each other in a few weeks in Spain?

David: Yep, looking forward to the SIINDA conference in Valencia!  Things are fine here but it’s been busy trying to get ready for that.

I can’t imagine the owls woke you up — presumably there’s another topic that’s been keeping you awake this week?  For me it’s the imminent warnings coming from Chrome for websites with forms served over plain ol’ http://.

I know it’s more technical topic than we usually cover, but I think it’s going to be an “HTTPstrophe” for unwitting small businesses everywhere.

Mike: Google is rapidly moving towards a time when HTTPS will be an absolute necessity for websites. As you mention, as soon as this month if an http:// website contains any input field, users will start getting scary security messages.

From Google’s announcement:

“Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.”

That seems like many small businesses that haven’t been paying attention will be severely impacted.

David: Every couple months there’s a new study about the percentage of small businesses that still don’t have a website, but I haven’t seen any data around the percentage that have an https:// website. I can’t imagine it’s higher than single-digits. As isn’t the percentage of small businesses who’ve heard about these warnings.

And frankly, it just hasn’t been that important for small businesses until Google started getting so aggressive about these warnings. But given Chrome’s 60+% browser market share, businesses will not be able to ignore this. It’s going to have a widespread impact.

Mike: Given that contact forms and email capture are one of the main performance goals of many small business websites, this could dramatically reduce conversions and they would have not any idea why.

You called it the “HTTPstrophe,” and so you think it will have more impact that “Mobilegeddon?” Why has the coverage been so limited?

David: And unlike Mobilegeddon it’s going to affect all website visitors, not just pre-visitors searching on Google.

Back to your question, though, yeah, it’s crazy. I’m not sure why there hasn’t been more coverage on small business blogs and within the marketing community.

Something as simple as an email subscription form could trigger a significant browser warning. Google hasn’t said exactly what, but even a little “Not Secure” icon at the top of the browser could be enough of a reverse trust signal to deter a customer from doing business.

Mike: Absolutely, both the loss of the lead and the loss of customer trust could have significant impact. Although I can imagine that less than honorable SEO companies might use this as an opportunity to cold-call small businesses with outrageous claims in an effort to close a sale.

I wonder if Google will stage the rollout for less SMB impact and perhaps somehow provide broader warnings than via Search Console, which many small businesses do not utilize.

Certainly they should be carrying the PR banner on this issue, no? And they too have been somewhat quiet.

David: Extremely quiet relative to their considerable resources.

I recall getting a single email from Webmaster Console months ago. It was only when I read my friend Scott Hendison’s post about the topic–one of the few I’ve seen anywhere recently–that I even remembered it was happening.  A single email months in advance is not going to do the trick — particularly when most business owners don’t even know what the difference is.

These warnings should be coming from Google Analytics, Google My Business, G Suite, and any Google product where they can detect the recipient’s website.

Mike: Fortunately, many web hosts and WordPress itself have made the transition from HTTP to HTTPS much, much easier. And the many new web builders like SquareSpace are making it a default. A number of folks have created excellent checklists for the process for sites big and small.

David: Yes. For businesses using WordPress directly, or on one of those hosts, the combination of Let’s Encrypt, and this plugin in particular, is a godsend.

But there’s such a long tail of sites on inferior or homegrown content management systems.  And depending on which company they’re hosting with, it may be cost-prohibitive or too difficult to figure out, as Penny Dean’s comment indicates on this Google Developer thread.

Mike: I have noticed that some of the packaged IYP sites are not yet HTTPS so there is a large space for broad impact as these folks with “feet on the street” have produced a large number of low end websites with contact forms.

David: I know! Even some of the biggest providers are behind — Hearst’s own website promoting LocalEdge isn’t served over https://, for example.

Mike: Given the lack of publicity and awareness at the small business level it might be more like a hot, slow burn than a true apocalypse but it will certainly have a very broad impact.

I guess all we can do is ring the bell and hope that web developers and SMB’s alike hear the warning eh?

David: I hope you’re right about the slow burn. Google’s track record of empathy for small businesses is not a long one, but perhaps even they realize how difficult this transition will be for many of them.


After more than a decade in local search, David Mihm now runs Tidings, an email newsletter platform for small businesses that leverages their everyday social media activity, and his own weekly newsletter, Minutive. In 2012, he sold his former company to Moz, helping over 3 million businesses get better visibility in Google and other search engines. Along with Mike, he’s a co-founder of Local University. 

Mike Blumenthal is a co-founder of GetFiveStars, a feedback and reputation platform, and LocalU, which provides small business and agency training in sustainable local search marketing. His motto: All Local All the Time.  He writes at his blog and does a twice a week podcast about Local marketing. 


Got an idea for what you want Mike and David to discuss next time? Send it to either [email protected] or [email protected], or just leave a comment below and we’ll put it in the hopper!

After more than a decade in local search, David Mihm now serves as VP of Product Strategy at ThriveHive, leading the direction of the company’s search-related product offerings. He’s also the Founder & CEO of Tidings, an email newsletter platform for small businesses that leverages their everyday social media activity, and his own weekly newsletters, Minutive and the Agency Insider. He’s the former founder of, Director of Local Strategy at Moz, and along with Mike Blumenthal, he’s a co-founder of Local University. Mike Blumenthal is the co-founder and analyst at Near Media where he researches and reports on reputation, reviews and local search. Mike has been involved in local search and local marketing strategy for almost 20 years. He explores the online to offline local ecosystem and helps businesses understand it and benefit from it through writing, speaking and education.