Starting in July 2018, Google Chrome will mark all HTTP sites as “not secure,” according to a blog post published by Chrome security product manager Emily Schechter.
Tens of thousands of websites are going to find themselves labeled as unsafe unless they switch out their HTTPS certificate from 2018. Google proposed that web browsers should flag all plain HTTP web pages as unsecure and made the move to boost search engine rankings for sites using HTTPS URLS. Now, Google is getting ready to place a dreaded red “x” through websites that do not offer an encrypted connection. Google plans to mark non-secure pages, such as HTTP, with the same bad indicator as broken HTTPS. This simplifies the set of security indicators users receive on their browsers; however, there is debate as to whether this method is more accurate than just marking such pages as neutral.
This means that when a user visits an unsecure HTTP site, a red “x” warning will be displayed in the website address bar, unlike the blatant large warning displayed on a phishing site. As these security warnings become a common occurrence on the Internet, it is increasingly important that users do not get into the habit of ignoring them. While it remains unclear when Google Chrome will implement this change, Google has created a new tool, the Security Panel in DevTools, to help developers decipher the warning behind the red “x” and to further achieve their ultimate goal for HTTPS everywhere.