Special Feature
Part of a ZDNet Special Feature: Security TV - Video Series

Google: This surge in Chrome HTTPS traffic shows how much safer you now are online

Google's HTTPS-everywhere push is showing results in page loads on Chrome.

Google's efforts to knock the web into a state of HTTPS-by-default is showing signs of working, with a significant rise in HTTPS traffic on Chrome on Android, Windows, Mac, and Chrome OS.

A year ago Chrome traffic crossed a key threshold, when traffic protected by HTTPS on Windows passed the 50 percent mark. As of October 14, the figure for Chrome on Windows stands at 66 percent.

The percentage of HTTPS page loads on Chrome is growing on all platforms. HTTPS traffic on Android is now 64 percent compared with 42 percent a year ago. HTTPS-protected traffic on Chrome for Mac and ChromeOS is 75 percent, up from 60 percent and 67 percent respectively a year ago.

Google also notes that 71 of the 100 most popular sites have now enabled HTTPS by default, up from 37 a year ago.

According to Google's HTTPS encryption transparency report, 73 percent of pages loaded in the US using HTTPS in Chrome on Windows, up from 59 percent a year ago.

chart-width-1000.png

The web is getting more secure, according to Google.

Image: Google

It reports slightly lower levels in other major markets, such as Brazil, Germany, France, and Russia, but all are trending upwards in a similar fashion. HTTPS page loads in Japan are also rising, but only account for 55 percent of all pages, up from 31 percent a year ago.

Google has created numerous incentives and penalties to encourage and prod developers into enabling HTTPS, from making it a positive ranking signal in search to changing Chrome's security warnings for HTTP pages and sponsoring the Let's Encrypt certificate authority, which provides free digital certificates.

Chrome now has over a billion users and Google mandates HTTPS to use newer browser features that allow websites to access hardware, such as a computer's camera or microphone.

This year, Google began operating its own Root Certificate Authorities to issue SSL certificates for its products and has recently launched a managed SSL service for App Engine customers.

And the company has started enabling enforced or 'Strict' HTTPS (HSTS) for its top-level domains (TLDs) such as .foo and .dev to ensure that all sites under these TLDs follow the HSTS policy after acquiring a digital certificate.

Let's Encrypt meanwhile has been issuing as many as one million certificates per day this year and currently reports that 63 percent of pages loaded by Firefox use HTTPS.

"HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP," wrote Emily Schechter, a Chrome security product manager.

Related coverage

Google: Here's why we're putting all our top-level domains on forced HTTPS list

All sites under Google's top-level domains will automatically support HTTP Strict Transport Security.

Google and Mozilla are right: AV firms do need to stop breaking HTTPS security

A supporter of the antivirus industry has defended the practice of intercepting encrypted traffic for malware analysis, but admits vendors need to clean up their act.

Read more on Google and security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All