Effective July 2018, Google’s Chrome browser will mark non-HTTPS sites as ‘not secure’
After years of pushing for 'secure by default' web sites, Google will identify insecure sites in the Chrome browser beginning mid-Summer.
July is shaping up to be a big month for Google. Earlier this month, the company announced its Speed Update set to roll out in July, and today announced it will then also mark all sites that have not migrated to HTTPS as “not secure.”
This move will coincide with the release of Chrome 68 and will look like this in a user’s browser:
Google has been pushing webmasters to make the change to non-secure web sites a for years now – including hinting at small rankings boost to further incentivize the shift. The campaign has proved successful. According to their blog post:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default
Depending upon the size of a site and scope of the project, a migration from HTTP to HTTPS can be quite an undertaking. Check out the resources below for in depth guides to making this change on your or your client’s sites, along with resources for validation and dealing with mixed content issues.
- HTTP to HTTPS: An SEO’s guide to securing a website
- A comprehensive guide to SSL certificates
- Using the Mixed Content audit tool in Lighthouse