Google Chrome will mark all HTTP sites as “not secure” starting in July. The latest change will debut on Chrome 68, though it will be a part of all later versions to encourage webmasters to switch to HTTPS application protocol. Google started the trend of marking HTTP sites as “not secure” with the Chrome 56 release that was debuted in January last year. However, the previous implementation was limited to webpages requiring certain private information from users, including credit card details.
With Chrome 68, the omnibox on the top will display a “Not secure” label for all HTTP pages. This label will not only highlight the unsecured nature of the HTTP pages but will also push webmasters to prefer HTTPS over HTTP. From a user’s perspective, the main difference between HTTP and HTTPS is that all HTTPS traffic is encrypted by default, which means it’s more secure from snooping, especially on public networks.
So how many sites will be impacted by the change? Google shared some numbers. According to Google, 81 of the top 100 sites on the Web now use HTTPS by default. It added that more than 68 percent of Chrome traffic on both Android and Windows and over 78 percent of Chrome traffic on Chrome OS and macOS now flows over HTTPS.
Google used the opportunity to highlight it has a bunch of tools that can help webmasters make the transition to HTTPS.
“Mixed content audits are now available to help developers migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages. The new audit in Lighthouse helps developers find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version,” Emily Schechter, Chrome Security Product Manager, wrote in a blog post.
Apart from leveraging Chrome’s dominant position in the browser market to encourage the switch to HTTPS, Google has been working on other fronts as well. Apart from using HTTPS as a ranking signal, the search giant started indexing HTTPS pages by default in December 2015.
In addition to Google, other companies like Apple have been promoting the use of HTTPS as well. The iPhone maker made it mandatory for iOS apps to use secure HTTPS conections in June 2016.