Chrome will start labeling some HTTP sites as non-secure

Slowly but relentlessly, Google is pushing website owners to deploy HTTPS – or get left behind.

The latest announced push is scheduled for January 2017, when Chrome 56 is set to be released and will start showing in the address bar a warning that labels sites that transmit passwords or credit cards over HTTP as non-secure.

http non-secure

In due time, all HTTP pages will be labeled by Chrome as non-secure, and ultimately, the HTTP security indicator will turn red, and sport the same “Danger!” triangle with which sites with broken HTTPS are currently marked:

Ultimate look of the warning

Google is in the perfect position to spearhead the campaign aimed at pushing the collective Internet towards the default use of HTTPS. Changes in Chrome are one way to do it.

Previously employed tactics include prioritising websites using HTTPS in Google Search rankings and adding a new section to the company’s Transparency Report that allows users to keep an eye on Google’s use of HTTPS, and HTTPS use of the top 100 non-Google sites on the Internet.

“A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing,” noted Emily Schechter, of the Chrome Security Team.

“We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS.”