In security push, Chrome will soon mark every HTTP page as "non-secure"

Starting in Chrome 68 -- scheduled for July -- all sites and pages without encryption will be flagged by Chrome.
Written by Zack Whittaker, Contributor


Google has said starting later this year its Chrome browser will mark all websites that haven't adopted HTTPS encryption as "not secure."

That means any site that doesn't load with a green padlock or a "secure" message in the browser's address bar will be flagged as insecure.

Emily Schechter, Chrome security product manager, confirmed in a blog post that the changes will come into effect with Chrome 68, scheduled for July.

"For the past several years, we've moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption," she said in the blog post published Thursday. "And within the last year, we've also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as 'not secure'."

It's the latest escalation in the search and browser giant's effort to gradually push more webmasters into adopting HTTPS, a secure encryption standard for data in transit.

That means any data sent from your computer or device to that website is transmitted securely and can't be intercepted by an attacker. Because HTTPS wraps a secure tunnel around the site and its user, the encryption also serves as a way to ensure that the content hasn't been modified by an attacker.

The company has employed several other tactics, including ranking sites with HTTPS higher in its search results, as an incentive to drive web developers to adopt the technology.

According to Google, 81 out of the top 100 ranked global websites now use HTTPS by default.

But there are thousands of news and other popular websites that still haven't made the leap (ZDNet included).

For smaller and younger sites, transitioning to HTTPS can be a breeze. Many hosted solutions and servers offer plug-and-play certificates to enable website encryption in a flash. But for larger, sprawling, and legacy sites, HTTPS can be a nightmare. That's because everything on the domain has to be secured -- and a single outlying element can reduce a page to an insecure one.
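The "single outlying element" is what browsers call mixed content: an HTTPS page that still loads a subresource over plain HTTP. The Python audit below is an added example, not code from the article, ZDNet or Google. It lists such references in a page's HTML. The tag lists, the sample page and its hostnames are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# URL-bearing attributes per tag. Browsers block "active" mixed content outright;
# "passive" mixed content still loads but the page loses its secure indicator.
ACTIVE = {"script": ("src",), "iframe": ("src",), "embed": ("src",),
          "object": ("data",), "link": ("href",)}
PASSIVE = {"img": ("src", "srcset"), "source": ("src", "srcset"),
           "audio": ("src",), "video": ("src", "poster")}
FETCHING_RELS = {"stylesheet", "icon", "preload", "manifest"}  # <link> rels that load a file

# Constructed sample page; hostnames are placeholders.
PAGE_URL = "https://news.example/story"
SAMPLE = """<html><head>
<link rel="canonical" href="http://news.example/story">
<link rel="stylesheet" href="/static/site.css">
<script src="http://ads.example/tag.js"></script>
</head><body><a href="http://partner.example/">partner</a>
<img src="//cdn.example/logo.png" srcset="http://img.example/a.png 1x, /b.png 2x">
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        names = ACTIVE.get(tag) or PASSIVE.get(tag)
        if not names:
            return  # e.g. <a href> is navigation, not a subresource
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return  # rel="canonical" and similar are never fetched
        kind = "active" if tag in ACTIVE else "passive"
        for name in names:
            value = attrs.get(name) or ""
            # srcset holds comma-separated "url descriptor" candidates
            for part in (value.split(",") if name == "srcset" else [value]):
                ref = part.strip().split(" ")[0]
                url = urljoin(self.page_url, ref)  # resolves relative and //host refs
                if ref and urlsplit(url).scheme == "http":
                    self.findings.append((self.getpos()[0], tag, kind, url))

def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings  # list of (line, tag, kind, absolute_url)
```

On the sample page, only the ad script and one `srcset` candidate are reported; the canonical link, the outbound `<a>` and the protocol-relative logo are not, because none of them causes an HTTP fetch from the HTTPS page.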

When reached for comment, Georgina Kennedy, director of product, B2B at CBS Interactive, told ZDNet: "After the completion of HTTPS for sister-site TechRepublic, we're now in the development phase for HTTPS with ZDNet -- and this requires thorough testing."

"Our goal is to be live on HTTPS well before this July deadline," she added.

Sister-site CNET completed its transition to HTTPS in February last year.

By our count, 88 percent of the top 50 websites featured on Techmeme, a popular news aggregator, are HTTPS by default.
