Google has begun sending out notices to websites that have not yet made the move to securing traffic via the HTTPS protocol. With Google's Chrome browser (Version 62) - set to be released sometime in October - Chrome will start marking sites that don't use an SSL certificate as "NOT SECURE". It will show the warning if it detects any forms on the page that transmit passwords, credit cards, or any text input fields that the browser deems are in need of HTTPS protection. Using Chrome's incognito feature will trigger the warning on ALL HTTP pages!
This comes as the recent update back in January that began marking sites as "NOT SECURE" for those that transmitted password and credit card information; making this update a further push for Google's vision of marking all non-HTTPS sites as non-secure. It is a safe bet to say that Google will be pushing to make the warnings more prominent in the coming months.
“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” Chrome Security Team Emily Schechter said.
The email sent out from the Google Search Console urges site owners to fix the problem by migrating to HTTPS. Thanks to the push towards HTTPS from Google, the percentage of pageloads over HTTPS is now approaching 60%, according to Firefox Telemetry.
Monday, August 21, 2017