Chrome continues HTTP phase-out by removing 'secure' icon from HTTPS sites

Changes in 'secure' and 'non secure' icons comprise final steps in plan to make web secure-by-default

Google has announced it will stop marking HTTPS sites a "secure" in Chrome, as it wants the protocol to become a default standard for web browsing. 

The search giant currently marks websites on the older and less secure protocol HTTP as "not secure" and uses a green "secure" label ahead of web addresses to denote when a website is using the encrypted protocol. 

Advertisement - Article continues below

But from September 2018 users will no longer see sites marked as secure with the rollout of Chrome 69 as Google aims to make the web "secure by default"; HTTP sites will continue to be labeled as not secure with the rollout of Chrome 70 the following month.

According to Google, HTTP usage was previously far too high to brandish them in a strong red warning, but are now actively encouraging sites to make that transition to a far more secure outlay.

These next steps in the process comprise the final stage in Google's plan to move 'towards a more secure web', a plan that it outlined in 2016.

Writing at the time, Emily Schechter, product manager on Chrome's security team, said: "Chrome currently indicates HTTP connections with a neutral indicator. This doesn't reflect the true lack of security for HTTP connections.

Advertisement
Advertisement - Article continues below

"When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.

Advertisement - Article continues below

"A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS."

Google says HTTPS is cheaper and easier to use, and has also provided a set-up guide for sites seeking to make the transition.

09/02/18 - Chrome pushes to phase out HTTP sites by labelling them as 'not secure' 

Google has announced it will be labelling all HTTP sites as "not secure" with the release of Chrome 68.

The search giant has for some time been encouraging developers to switch their sites to the more secure HTTPS protocol. This stance will now be accelerated by the release of the new Chrome 68 in July.

Users navigating the web through Chrome 68 will find all HTTP sites are classified as not being secure. As users will most likely turn to sites that are HTTPS protected, web developers will also most likely upgrade their sites to counter the loss of web traffic.

Advertisement - Article continues below

Currently over 68% of Chrome traffic on Android and Windows is protected while over 78% is encrypted on Chrome OS and Mac.

In addition, 81% of the top 100 sites now use HTTPS and emboldened by that, Google's open-source Lighthouse tool now has an audit feature that allows developers to see which resources are being loaded as HTTP and which of those can be upgraded to a HTTPS.

"Chrome's new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default," Google said. 

"HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP." 

Google's approach to HTTPS adoption is very much a 'carrot and stick' move, on one hand presenting HTTPS as an appealing and easy-to-use protocol and on the other penalising websites that drag their feet when it comes to moving to the more secure protocol.  

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020
Visit/mobile/mobile-phones/356335/the-man-has-ruined-my-huawei-p40
Mobile Phones

The Man has ruined my Huawei P40

3 Jul 2020