Not surprisingly, Google’s popular browser, Chrome, has started marking HTTP sites as not secure, beginning July 24. Chrome is now marking all plain HTTP sites as “not secure.” Webmasters and publishers were given publishers six months’ notice of this upcoming change that went live yesterday.
Rather than the small “i” icon for HTTP URLs, Chrome has added a “Not secure” label of text to that. This is what it looked like before users upgrade to Chrome 68.
Keep in mind that most of those who download Chrome are set for automatic browser updates and thus will be upgraded to Chrome 68 automatically in the future.
It’s strongly recommended that you upgrade your website to HTTPS URLs and be secured, regardless of if your site asks for payment information, logins or other private information. A migration from HTTP to HTTPS can be an undertaking depending on the size and scope of your website. The following resources are in-depth guides to making this change on your or your client’s sites. There’s even resources for validation and dealing with mixed content issues.
- HTTP to HTTPS: An SEO’s guide to securing a website
- A comprehensive guide to SSL certificates
- Using the Mixed Content audit tool in Lighthouse
Google has posted on their Chrome blog that on July 24th they were “rolling out these changes to all Chrome users.” Starting in the latest version of Chrome (68), you’ll see a new “not secure” notification when visiting HTTP pages.