Chrome will mark all HTTP sites as ‘not secure’ starting in July

<p>Starting in July, <strong>Google Chrome </strong>will mark all <strong>HTTP</strong> <strong>sites as &ldquo;not secure,&rdquo; </strong>according to a blog post published today by <strong>Chrome</strong> <strong>security product manager Emily Schechter</strong>. Chrome currently displays a neutral information icon, but starting with version 68, the browser will warn users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and &ldquo;Secure&rdquo; sign.</p> <p><strong>Google</strong> has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.</p> <p>The Chrome team said today&rsquo;s announcement was mostly brought on by increased <strong>HTTPS</strong> adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of <strong>Chrome traffic is already encrypted.</strong> &ldquo;Based on the awesome rate that sites have been migrating to <strong>HTTPS</strong> and the strong trajectory through this year,&rdquo; Schechter said, &ldquo;we think that in July the balance will be tipped enough so that we can mark all <strong>HTTP</strong> sites.&rdquo;</p> <p><strong>HTTPS encryption protects the channel between your browser and the website you&rsquo;re visiting,</strong> ensuring no one in the middle can tamper with the traffic or spy on what you&rsquo;re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.</p> <p><strong>HTTPS</strong> has also become much easier to implement through automated services like<strong> Let&rsquo;s Encrypt,</strong> giving sites even less of an excuse not to adopt it. As part of the same post, Google pointed to its own Lighthouse tool, which includes tools for migrating a website to <strong>HTTPS</strong>.</p>