Google Chrome to flag all HTTP sites as ‘not secure’ later this year

9 Feb 2018

Google office in Mountain View, California. Image: Benny Marty/Shutterstock

Google Chrome is imposing even stricter rules on sites using HTTP connections.

Google Chrome developers have been taking steps to let users of the browser know when they have accessed an unencrypted HTTP website, gradually adding notifications to a number of sites over the last few years.

HTTPS is becoming the norm

Google rewards sites using the favoured and encrypted HTTPS connection with increased search visibility, incentivising website owners to drop HTTP.

The prominent labelling of certain insecure websites as ‘not secure’ began in early 2017, with 9to5Google reporting the company’s plans all the way back in September 2016. Chrome 56 was the first iteration to mark HTTP sites that transmit credit card details or passwords as insecure.

This coming July, Google plans to crack down on sites still using HTTP connections by marking every website using such a connection method as ‘not secure’ in the Chrome Omnibox (the address and search bars in a typical Chrome window).

Google Chrome says progress is positive

The rate of progress in terms of getting sites to switch to HTTPS has, generally, been swift. More than 68pc of traffic on Android and Windows is protected, with 78pc protection rates reported for Chrome OS and Mac. 81 of the top 100 websites are currently using HTTPS as their default connection method.

Chrome is endeavouring to make the set-up of HTTPS as easy as possible, with content audits available via Lighthouse, an automated tool for improving web pages. The new audit tool helps web developers track down which resources a particular site loads using insecure HTTP, as well as resources which are ready to be upgraded to HTTPS by a simply sub-resource reference change.

“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default,” said Google in a statement.

It is now much easier and more cost-effective to convert sites to HTTPS and the connection method means others will not be able to look at or modify the site before it gets to an end user, which is possible using HTTP. HTTP connections open the door to information interception or even malware injection.

Eventually, the plan is to have a red warning triangle feature replace the current grey information icon in future versions of Chrome. HTTPS-encrypted sites currently feature a green lock icon and a ‘secure’ sign.

Google office in Mountain View, California. Image: Benny Marty/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects