Skip to content

Chrome looks to flag all HTTP sites as NOT SECURE

Starting in July, any website not using HTTPS will be identified as “not secure” in Chrome.

Google is on a mission to get web developers to use HTTPS encryption on their websites. Those who don’t will see their sites labeled as “not secure” in an upcoming Chrome browser build due out in July.

In the current iteration of Chrome, version 64, the browser makes the distinction between non-encrypted HTTP and encrypted HTTPS sites in the address bar with a rather innocuous information icon on the former. Clicking on the icon brings up a message warning that the connection to the site is not secure, and that users should not input any sensitive information.

On sites that use HTTPS, there is a lock icon with the word “Secure” scribbled next to it.

Starting with Chrome 68, Google will add the designation “Not secure” next to the information icon that appears on HTTP sites. Here’s a look at the new label, compared to how HTTP sites appear now:

This shouldn’t be a jarring transition. According to Google, 68 percent of Chrome traffic on both Android and Windows is already protected, and that number to jumps to 78 percent on Chrome OS and Mac. In addition, 81 of the top 100 websites uses HTTPS by default.

“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP,” Google says.

The benefit of HTTPS is that information sent from your PC to the corresponding website is encrypted, rather than transmitted in clear text. This helps prevent an eavesdropper from sniffing out sensitive information, which is especially important when shopping online or accessing your bank account.

Google’s upcoming change is a more aggressive approach to calling out sites that don’t use encryption, compared to Firefox or Edge. In Firefox, there is the same information icon on HTTP sites, plus a padlock with a line through it. And in Edge, there is just an information icon on HTTP sites.

We’ve been advising all our clients for the last couple of years this is vital. Now all all our Website Care Plans come packaged with the SSL certificate.