Google Chrome flags all HTTP sites as not secure starting today
If you are using the Google Chrome web browser for your browsing, at least partially, you may have noticed an increase in sites flagged as not secure by the browser.
Starting today, Google Chrome marks any website still using HTTP for connections as not secure in its interface. The browser handled things differently before. It displayed an icon in front of the URL of the site and revealed to users that the site was not secure if users interacted with the icon.
Starting with Chrome 68, released today, Chrome displays the not secure warning directly next to the address which makes it much more prominent. Chrome users can still click on the "not secure" warning but this displays just a general description of why HTTP sites are less secure than HTTPS sites.
The change affects Internet and Intranet sites.
The description reads: Your connection to this site is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.
The learn more link leads to a Help page on Google's official Chrome Support site that offers additional details:
Chrome uses three icons to indicate the security of a connection: green for secure connections, a white information icon (i) for "info or not secure", and a red exclamation point for "not secure or dangerous".
One option that users have is to try and connect to the HTTPS version of sites flagged as not secure by Chrome. If the site maintains HTTP and HTTPS as valid protocols, adding that "s" to the URL could be all that is required to make the connection secure.
A browser extension like HTTPS Everywhere could help users as it may make the change automatically for numerous sites.
Google plans to add a red warning color to the not secure notification in Chrome's address bar in Chrome 69 when users are about to enter data on sites.
Sites that still use HTTP exclusively for connections may notice a drop in visits or more bounces because of this. Users may not want to connect to sites that Chrome marks as not secure even if there is not really danger in doing so, e.g. when retrieving an article on a certain topic from the site.
Sites that do use HTTPS may see an increase in traffic that comes from sites that still use HTTP.
Webmasters who manage sites that only use HTTP will probably start to accelerate the migration to HTTPS, and that is what Google hopes to achieve with the implementation.
Sites that are no longer maintained won't be updated.
The move will certainly increase support requests; webmasters may get an increase in emails and notifications from site visitors, and companies may notice an increase in Helpdesk support requests.
Interestingly enough, Google plans to remove the secure label from Chrome's address bar for secure connections. The company plans to display the lock icon only when Chrome 69 get released in September 2018, and remove that as well eventually.
The core idea behind the change is that secure connections should be the norm and that no label means that the connection is secure.
It is currently possible to reverse the change or modify it:
- LoadÂ chrome://flags/#enable-mark-http-as in the Chrome address bar.
- Set the preference to one of the available settings, e.g. disabled to turn it off, or even more strict to see the impact now of changes that Google will roll out at a later point in time.