Google will mark all HTTP sites as “not secure”, Emily Schechter, Chrome security product manager said in a company blog post. The move is aimed at encouraging websites to adopt HTTPS encryption. The Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP – the protocol over which data is sent between the user’s browser and the website that they are connected to. The “not secure” tag will start rolling out for Chrome, starting July 2018, which is when Chrome 68 makes a debut.
Google says the transition from HTTP to HTTPS has helped protect over 68 per cent of Chrome traffic on Android and Windows last year. Over 78 per cent of Chrome traffic is now protected on Chrome OS and Mac. The search giant has revealed that 81 out of top 100 sites on the web use HTTPS by default. To recall, Google announced in December 2016 that it will mark all HTTP pages as non-secure. The feature was unveiled for Chrome version 56, which marks HTTP pages that collect passwords or credit cards as non-secure.
“Chrome is dedicated to making it as easy as possible to set up HTTPS. Mixed content audits are now available to help developers migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages,” reads a Google blog post. Lighthouse supports a new audit that helps developers find which resources a site loads using HTTP. It also makes it easy to identify those which can be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.