Google has for some time wanted to push the web to adopt HTTPS encryption and that day has arrived, Google Chrome is now marking all plain HTTP sites as “not secure,” as of July 24, 2018. Google has release Chrome 68. Previously, the “not secure” warning was hidden behind the security indicator in the URL bar as shown below.
but with the release of Chrome 68 that has all changed. The browser now immediately displays the “Not secure” message in the omnibox for all HTTP pages.
and that isn’t the end of it today Google announced a time frame for eventually marking HTTP sites with a red “not secure” warning, which will make it even more noticeable if a website doesn’t have an SSL certificate to encrypt data
Eventually, our goal is to make it so that the only markings you see in Chrome are when a site is not secure, and the default unmarked state is secure. We will roll this out over time, starting by removing the “Secure” wording in September 2018. And in October 2018, we’ll start showing a red “not secure” warning when users enter data on HTTP pages.
Google Chrome currently captures 60% of the browser marketshare worldwide, making it one of the company’s most effective vehicles for driving HTTPS adoption. Firefox Telemetry shows that HTTPS traffic is at 81% for US users and 73% for all users.
Google’s Transparency report shows similar numbers for percentage of pages loaded over HTTPS in Chrome. 84% of US traffic is encrypted by HTTPS.
Google has even more weapons in its arsenal for compelling website owners to switch to HTTPS. Even before Chrome began flagging unencrypted sites, the search engine added HTTPS as a ranking signal in 2014. It started as a lightweight signal that affected fewer than 1% of global queries. Google has also indicated that HTTPS may break ties between two equal search results, making a difference for competitive niches. With more sites adopting HTTPS as the norm, the company may choose to strengthen the signal in the future.