Google Chrome 68 HTTP treatment

Google announced earlier today plans to mark all HTTP sites as "Not Secure" in Chrome, starting with July 2018, when the company plans to release Google Chrome 68.

The company's decision comes after HTTPS adoption increased among website owners and a large chunk of today's traffic is now encrypted.

Google said that more than 68% of Chrome traffic on both Android and Windows and over 78% of Chrome traffic on both Chrome OS and Mac, is now being sent via HTTPS.

Google has been preparing for this

The decision to mark all HTTP sites as "Not Secure" in the URL address bar is part of the company's larger strategy.

The first stage of this plan rolled out with Chrome 56 when Google marked all HTTP pages as "Not Secure" if the pages contained password or payment card fields.

The second stage took place with Chrome 62 when Google marked all HTTP pages opened in a Private Browsing window as "Not Secure."

July's Chrome 68 release will mark this process' third and final stage.

Google is not alone in its decision to penalize all HTTP sites. Mozilla started this trend in December last year when engineers started laying the groundwork for Firefox to mark all HTTP sites as "Not Secure" as well.

Unlike Google, the Mozilla Foundation did not announce a deadline when it planned to activate this new policy. Just like Google, Mozilla cited the same rise in HTTPS adoption as the main reason to make the switch to an "HTTP-not-secure-by-default" policy.

Wth today's announcement, Google also said it improved its Lighthouse app to include checks for a website's HTTPS-related settings.

Related Articles:

Google Chrome to Remove "Secure" Indicator From HTTPS Pages in September

Built-In Lazy Loading Lands in Google Chrome Canary

Chrome 68 Released With Warnings on HTTP Sites, But Also Other Security Features

Google's Removing the file:// Scheme from Chrome's Address Bar

Chrome 69 Shows the WWW & M Subdomains Again, but It’s Only Temporary