Web browser security and privacy with HTTPS

Over the last few weeks, we have been researching web traffic for 177 of some of the most productive brokerages in sales volume and sides. While we are still diving deep into the study, there was one stat which gave me grave concern; the number of broker websites which are not secure for a customer to login or to complete a form.

Securing information between a person who completes a registration or property inquiry form and then sends it to a web site’s server is achieved when you see the HTTPS before the web address.


  • https://www.WAVGroup.com – Communication between person browsing and the website server is secure
  • http://www.WAVGroup.com – Communication between person browsing and the website server is NOT secure.

Today, we do not even consider launching a website – with or without forms – without applying HTTPS website security.

For years, Google has been pushing webmasters to apply HTTPS to secure websites. While this method has been a long-time practice, most companies were not adhering to it if their site did not have an e-commerce payment feature. That is until Google started to highlight non-secure websites as “Not Secure” in Chrome back in July of 2018. Nowadays, the majority of web browsers display non-secure websites to people.

During our research, we exposed that almost 25% of the 177 websites in the study were non-secured websites. These are websites from brokerages who are productivity leaders in sales volume or sides or both. Websites which included subscribing to a newsletter feature, submitting a property inquiry with a showing request, or a site registration and login form. Scary!

Non-secure websites are open.

A simple scenario of creating a new username and password on a non-secure website makes it easy for others to see it. When the submit button is pushed, the browser sends the information to the website’s hosting server in a form that is as readable as this article.

There are plenty of tools to capture the communication into a file and query it to find the information. Unsecured Wi-Fi hotspots like in airports, restaurants, and public places make it easier for the bad guys to capture non-secured communication with these tools.

Open hot-sports make it imperative to secure websites to protect the consumers privacy and security, leverage Search Engine Optimization, and preserve the company’s brand image.

Consumers Privacy and Security

The EU’s General Data Protection Regulation (GDPR), California Consumer Privacy Act of 2018 (CCPA), and the discussions in the U.S. Congress on new federal regulation policy; state that any compromise of a person’s personal or private information must be disclosed. It will be difficult to remediate any violations of these laws when a company maintains non-secured websites.

An item to note: While CCPA’s accountability to the law is limited to only big companies, the U.S. House and Senate hearing was inclusive for every company and preemptive to state law. The federal government is reviewing how to align data security with a privacy policy.

Search Engine Optimization (SEO)

Search Engines have been saying since 2014 that one signal they use for ranking websites is if they are using HTTPS. Google previously stated usage of HTTPS as a ranking signal is part of their algorithm.

For these reasons, over the past few months, we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.

Should we be concerned about this since Zillow, Realtor, and Trulia is winning this war? I absolutely think it makes a difference for long-tail searches. These sometimes include typing in a property address or performing a search for a ‘home for sale in a neighborhood for $250k’.

Company’s brand image

This is one upsets me. Brand is extremely important to a company and having a web browser say “Not Secure” is leaving a negative brand message to the consumer. Let’s take a look.


Here is an example when accessing a non-secure website in Chrome. When the consumer clicks on the information circle next to Not Secure, the following message is delivered.

Chrome on a non-secure website - no HTTPS

Brand message: We want your business, but we don’t care enough to protect you from the bad guys!

The next example shows how a secured website is treated by Chrome.

The consumer is presented with a lock icon.


Chrome on a secure website - with HTTPS

All is okay with this company! 😉


When accessing a non-secure website, Firefox only displays the information circle. But, look at what is displayed when the consumer clicks on the site.

Firefox on a non-secure website - no HTTPS

I like how Firefox displays a secured website. They present a bold green lock next to the web address.

Firefox on a secure website - with HTTPS

This aligns and signals the dedication of a brand that is concerned about my security and privacy.


Apple’s treatment of a secured website only displays a little lock next to the web address. It is okay, but nothing really bold.

Safari on a secure website - with HTTPS

Apple’s lack of treat treatment on non-secure websites is a little disheartening. As a consumer, you only know when the website is secured. I guess Apple thinks people are more aware of their browsing habits.

Brave Browser:

If you like a browser to test for SEO and easily select ad and tracking blockers, try Brave Browser. It has become a go-to for surfing the web.

Brave treats non-secured websites similar to Firefox. A big red “Not Secure”. Click on the Not Secure and the message is loud and clear.

Brave Browser on a non-secure website - without HTTPS


Brave Browser on a secure website - with HTTPS


All your website assets need to be set up with HTTPS. The cost to implement is minimal compared with not having the proper security in place to protect people, losing out on long-tail SEO, and jeopardizing the company’s brand with consumers. It all matters in today’s business world.

There really isn’t any excuse for having a non-secure website. If your team is too busy, call us. We’ll handle this for you and make the necessary phones calls to get the job done. One more item to check off your “to-do” list.

WAV Group can facilitate the process of moving your website assets from HTTP to HTTPS. Call Victor Lund or David Gumpper to discuss how the WAV Group can assist.