For the past few years, Google has been trying to make HTTPS the prevalent standard for websites, rightly citing the security risks posed by HTTP. Moving forward it will label all HTTP sites as a security risk clearly. The company announced that starting July 2018, versions of Chrome browser will label all HTTP websites as ‘Not Secure’ in the address bar.
For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
Google’s new move will be put into effect following the release of Chrome 68 via the stable channel around July this year, with the goal of urging webmasters to jump to the HTTPS bandwagon. In order to make the transition easier for developers, Google has made available in-depth information about the advantages of HTTPS and is also offering the necessary developer tools to tackle certain limitations any new developers might encounter in the process.
Google’s official blog post notes that not only is HTTPS way more secure, it also brings performance improvements and opens doors for the introduction of advanced features and functionality for websites. If you are a developer, you can go through Google’s official HTTPS setup guide to get started
Google’s latest move can be seen as the culmination of a campaign kickstarted in April last year, when Chrome selectively started labeling HTTP websites as ‘Not secure’ and also started issuing a warning to users if they access such websites in incognito mode later on.
Aside from the addition of a ‘Not secure’ label, Google has also adopted a few other measures to encourage developers to make the move to HTTPS. One of them involves prioritizing HTTPS websites in Google search results. Google’s efforts have certainly yielded encouraging results, with 81 of the top 100 websites now employing HTTPS by default, and with the implementation of its new move, the results are expected to improve significantly.