Search engine giant, Google, on Friday said that it will soon mark all HTTP sites as non-secure. The information was shared by Chrome security product manager Emily Schechter in a blog post for the company. The move is aimed at encouraging websites to adopt HTTPS encryption. The Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, a protocol over which data is sent between the user’s browser and the website that they are connected to. As per the blog post, the ‘not secure’ tag for the HTTP websites will start rolling out from July 2018, the same month when Chrome 68 is expected to make its debut.
The company believes that the transition from HTTP to HTTPS has helped protect over 68 per cent of Chrome traffic on Android and Windows last year. The search giant revealed that over 78 per cent of Chrome traffic is now protected on Chrome OS and Mac. “Chrome is dedicated to making it as easy as possible to set up HTTPS. Mixed content audits are now available to help developers migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages,” the Google blog post read.
Lighthouse supports a new audit that helps developers find which resources a site loads using HTTP. It also makes it easy to identify those which can be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.
“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as not secure. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as not secure,” the post added.
Google said that 81 out of top 100 sites on the web use HTTPS by default. The company had announced that it will mark all HTTP pages as non-secure in December 2016 for the first time. The feature was unveiled for Chrome version 56, which marks HTTP pages that collect passwords or credit cards as non-secure.