Cyber SecurityInfo

Google Chrome is marking non-HTTPS sites as InSecure


From 24th July onwards, Google Chrome will significantly mark all non-HTTPS websites as ‘Not secure’ in order to secure the web for Internet users.

At present Chrome displays a neutral information icon and marks HTTPS-encrypted sites with a green lock icon and “Secure” sign. But with the version 68 released now, the browser will warn its users with an extra notification in the address bar.

In case you are still using an insecure HTTP (Hypertext Transfer Protocol) website, your  visitors might have already been addressed with a ‘Not Secure’ message on their Google Chrome browser warning them that they can’t trust your website to be secure.

When ‘Not Secure’ is displayed, Google Chrome means that your connection is not secure because there is no SSL Certificate to encrypt your connection between your computer and the website’s server.

Anything sent over a non-HTTPS connection is in plain text, such as your password or payment card information thereby inviting the attackers to alter or steal your data.

The non-https connection are considered as dangerous especially for web pages that transfer sensitive information like passwords, login pages, forms etc. because this will allow an attacker to perform a man-in-the-middle attack to intercept these sensitive data while they traverse through the network.

This change did not happen all of a sudden, instead Google have given plenty of time for the website administrators to move their sites over to a secure connection.

Initial Stage : Google began its mission to make the web a more secure place by displaying ‘Not Secure’ warning in the address bar for those HTTP websites that collect passwords and credit card information on their customers. This began with the release of Chrome 56 in January 2017.

Transitional Stage : In October 2017 Google Chrome 62 was released and the web browser started labeling all those websites as ‘Not Secure’ which had any kind of text input fields to enter data over an insecure HTTP site as well as on all HTTP pages visited in Incognito mode, where users may have higher expectations of privacy.

Final Stage : On 24th July 2018, Google has released Chrome 68, and will be marking all websites that do not use the secure HTTPS encryption as ‘Not Secure,’ even if they don’t handle sensitive data, communications, or information.

Move Your Site to HTTPS

According to Google’s transparency report, 75 percent of websites visited in Google Chrome on Windows is using HTTPS, and 81 out of the top 100 sites on the Internet today use HTTPS by default.

Why Should You Enable HTTPS On Your Website

HTTPS encryption protects the channel between your browser and the website you visit making sure that no one can interfere with the traffic in the middle. HTTPS improves Google rankings and SEO. It improves website security and privacy, increases credibility and improves customer confidence. It improves website speed, as HTTP2 is faster than HTTP. HTTPS makes surfing over public Wi-Fi safer and it is totally free.

If you have not SSL implemented yet, your website with the Not Secure warning is going to scare your visitors. Installing an SSL certificate and enabling HTTPS on a website is an easy job. You can use automated services like CloudFlare or Let’s Encrypt that allow anyone to obtain free SSL certificates for their web servers. Google has also published a tutorial explaining how to migrate a website to HTTPS.

With the release of Google Chrome 69 in September, the company is also planning to remove the “Secure” label on HTTPS web pages, ensuring the users that the web is a safe place by default.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Bluetooth Vulnerability Hits Millions of Devices

    Previous article

    Apache Tomcat Released Patches for Security Vulnerabilities

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *