Web Development

Chrome will mark all HTTP sites as not secure in July

Last year, Google started marking websites with login and payment forms as “not secure” if they were on HTTP as opposed to HTTPS. This year, Google is going further.

Starting in July 2018, Chrome will be marking all websites on HTTP as “not sure” in the address bar. This means that having an SSL certificate is no longer optional for any website.

Implications are clear. Any visitor browsing with Google Chrome will see the website as not secure, and will think twice before continuing.

Luckily, the solution of getting an SSL certificate, which is what turns HTTP into that magical, green HTTPS in browsers, is very simple today (read our article on SSL certificates if you want to learn more).

This is how an HTTP site will look in the address bar of Chrome 68, starting in July 2017:

Chrome 68 - HTTP
Treatment of HTTP pages in Chrome 68

Google explains their thinking in a blog post:

Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP.

Last year, when Google made the same change for websites with forms, they already announced the plan to go further, and it was only a matter of time before this change happened.

Eventually, Google will be going even further, updating the “Not Secure” text with an alarming icon and coloring it in a striking red.

Eventual Treatment of all HTTP pages in Chrome
Eventual Treatment of all HTTP pages in Chrome

If you need help switching over to using HTTPS on your website, we are happy to help.