Google has confirmed that beginning in July 2018, with the launch of Google Chrome 68, all websites which connect via an HTTP connection, instead of HTTPS, will be clearly marked as “not secure”.
Last year, Google started out by only marking pages without encryption that collect passwords and credit card information, then it started marking pages where any data was entered over an insecure connection, and on all HTTP pages visited in Incognito mode. Now, all insecure websites shall be marked.
In the announcement, Emily Schechter, Chrome Security Product Manager, said: “Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP.”
The company continues to encourage sites to use HTTPS with its automated Lighthouse developer tool and other set-up guides to transition over.
According to Google’s stats, 68% of Chrome traffic on Android and Windows is now using HTTPS, over 78% of Chrome traffic on Chrome OS and Mac is now using HTTPS, and 81 of the top 100 sites on the web use HTTPS by default.
Credit: Chromium Blog