Google: 'Web has never been more secure', as HTTPS dominates Chrome browsing

Chrome desktop users are spending 75 percent of their time on encrypted HTTPS sites, Google Transparency Report's new HTTPS usage tracker shows.
Written by Liam Tung, Contributing Writer

Google has revealed the percentage of pages loaded over HTTPS in Chrome.

Image: Google

New figures from Google show that nearly two-thirds of pages loaded on Chrome OS devices are HTTPS sites, followed closely by Mac, Linux, and Windows.

HTTPS connections are encrypted, protecting traffic between the browser and web server against man-in-the-middle attacks. They are also seen as a key way to frustrate snooping by ISPs and governments.

"A web with ubiquitous HTTPS is not the distant future. It's happening now, with secure browsing becoming standard for users of Chrome," say Chrome's security team.

Ahead of changes to how Chrome warns users when connecting to a site over HTTP, Google has beefed up its Transparency Report with an HTTPS usage tracker.

The section shows the percent of pages loaded over HTTPS and percentage of browsing time spent on HTTPS websites, as well as a breakdown for 10 countries.

Chrome 56's stable release in January ushers in the first phase of new descriptions for HTTP and HTTPS sites. Chrome currently shows a neutral mark before an HTTP site's name in the address bar, but in Chrome 56 it will label them explicitly as 'Not secure'.

This practice will start with HTTP pages that collect passwords or credit cards, but will eventually roll out to all HTTP sites.

Other components of Google's HTTPS drive include tracking the top 100 sites that have switched to HTTPS, using HTTPS as a ranking signal for search, and its Certificate Transparency project, which monitors certificate authorities issuing the digital certificates that enable HTTPS.

Separately, the Let's Encrypt non-profit certificate authority, which provides digital certificates for free, has issued well over a million certificates to websites since its launch last November.

The share of webpages loaded by Firefox using HTTPS has climbed from 40 percent when Lets Encrypt launched last November to just under 50 percent today.

Google's HTTPS tracker shows that worldwide the percentage of pages loaded over HTTPS on Chrome on all platforms has surpassed 50 percent, up from 40 percent in mid-2015. On Chrome OS the figure is 67 percent.

Time spent on HTTPS sites currently ranges between 69 percent to 85 percent, depending on operating system. However, mobile HTTPS page loads are significantly lower, with Chrome on Android climbing from 29 percent in mid-2015 to 42 percent today.

While HTTPS usage is on the rise, there's still a long way to go before it really is ubiquitous. Google figures show that just 34 of the world's top 100 sites have enabled HTTPS by default. Some sites, including Microsoft's search engine Bing and Apple's website, for example, support HTTPS, but don't use that by default.

Google argues that switching to HTTPS for many sites has produced a "negligible effect" on search traffic. While most tech sites have enabled HTTPS, only a handful of the world's top news publishers have yet to make the switch.

However, it's hoped that all website operators will be drawn to more powerful features of the web that are aren't available to HTTP sites on Chrome, such as offline support, credit-card autofill, and HTML5 geolocation support.

Besides that, HTTP v2 means HTTPS pages now load faster than HTTP, though browser support is incomplete.

Given Chrome has one billion users, access to those features are likely to be an important incentive to web developers to make the switch.


Editorial standards