Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Google Chrome Begins Flagging All HTTP Pages as 'Not Secure'

With today's release of Chrome 68 for desktops, the browser has started flagging all unencrypted HTTP sites as "not secure." Meanwhile, security researcher Troy Hunt has launched a site that lists the world's top 100 websites that don't use HTTPS by default.

By Angela Moscaritolo
& Michael Kan
Updated July 24, 2018
Best Encryption Software

Update (7/24): Google's plan to shame sites into employing HTTPS encryption goes into effect today. With today's release of Chrome 68 for desktops, the browser has started flagging all unencrypted HTTP sites as "not secure."

Meanwhile, coinciding with the release of Chrome 68, security researcher Troy Hunt has launched a site called whynohttps.com, which lists the world's top 100 websites that load over an insecure connection without automatically redirecting to a secure, encrypted one.

"HTTPS is now free, easy and increasingly ubiquitous," Hunt wrote on the site. "Yet still, many of the world's largest websites continue to serve content over unencrypted connections, putting users at risk even when no sensitive data is involved."

Original Story (2/8):
Google will take its efforts to shame website owners into encrypting their traffic up another notch this July with the release of Chrome 68.

At that point, Chrome will label all websites that use unencrypted HTTP connections as "Not secure" via a pop up on the left side of the web address bar, no matter the circumstance.

Google Chrome HTTP Not secure

The problem with HTTP is that any data the web page transmits can be potentially spied on, which could expose passwords or credit card information. As a result, Google has been pushing websites to embrace HTTPS encrypted connections.

Over the past two years, the company has been steadily adding "Not secure" alerts to the browser to flag web pages still on HTTP. However, the alerts have only been appearing under certain conditions, like if you start typing information into an HTTP page.

Google decided to gradually roll out the alerts to give website owners time to implement the encryption. But that grace period is coming to an end, the company said in a Thursday blog post. The good news is that more sites are steadily adopting the encryption; 81 of the top 100 sites on the internet now use HTTPS by default, the company said. In addition, 68 percent of Chrome browser traffic over Android and Windows is now encrypted, up 4 points from October.

Eventual Chrome Not Secure Warning

For now, the "Not secure" alert appears only in gray text with a white information icon next to it. But in the future, Google intends to make the alert red, with a warning triangle attached. Mozilla's Firefox has also been labeling HTTP pages with similar-looking alerts.

A Conversation with WNYC's Manoush Zomorodi on Digital Privacy
PCMag Logo A Conversation with WNYC's Manoush Zomorodi on Digital Privacy

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Angela Moscaritolo

Managing Editor, Consumer Electronics

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade. 

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

Read Angela's full bio

Read the latest from Angela Moscaritolo

About Michael Kan

Senior Reporter

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio

Read the latest from Michael Kan