Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

Google will mark non-HTTPS sites as "not secure" in Chrome starting this month (Updated)

Starting with Chrome 68, any HTTP site will be labeled "Not secure" in the omnibar, informing users of the danger of visiting.
By
July 3, 2018
Google Chrome on the Google Pixel 2 XL.

Update (07/03/18): Just a simple reminder that Google Chrome will mark unencrypted websites as “not secure” sometime this month. Make sure to get your website encrypted if you do not want Google to call you out on the address bar in the Chrome browser.


Original article: Over the past few years, Google has pushed hard for websites to adopt an encrypted communication protocol. Sites that use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) are given a slight boost in search rankings, for example, and the Chrome browser gives encrypted sites a nice green padlock icon in the address bar (you can see the Android Authority padlock in your address bar right now, if you are viewing with a Chrome browser).

Read Next: Everything you need to know about Google .app domains

But now Google is going all in. Starting this month, any site with a Hypertext Transfer Protocol (HTTP) address rather than a Hypertext Transfer Protocol Secure (HTTPS) address will be marked as “not secure” in the Chrome browser.

Today, if you visit an HTTP site, there is an info icon next to the address that users can click that will inform them of why the site they are visiting does not get the green padlock. But starting with Chrome 68, the omnibar will feature the same information icon, but with text next to it that says “not secure.” See for yourself how it will look here:

Google is making this change to solidify their stance on making the internet safer for everyone. Many users are not aware of the difference between secured sites and unsecured sites, or the dangers apparent with doing things like filling out forms or giving credit card information over an insecure connection. With a simple, easy-to-understand warning at the top of every HTTP page, users will hopefully understand that they should not trust unencrypted sites.

15 best Android browsers for surfing whatever website you want
App lists
best android browsers featured image

Technically, any site that accepts credit card information must be secured with TLS or SSL to be PCI compliant, but it is rather easy for sites to set up these protocols at the beginning and then dismantle the security after regulatory approval. Furthermore, some sites only secure the pages where you enter your credit card info, and not the entire site itself, which makes things confusing and dangerous for consumers.

Really, there is no excuse anymore for websites to be unencrypted; SSL certificates are available for zero cost from a variety of systems, and most web hosting packages these days come with a free certificate.

If you have a website that is unencrypted, make sure to get it secured. Failure to do so could lead to many visitors abandoning your site at the first click. Check out Lighthouse, an automated tool for improving web pages, for assistance.