As you expected, Chrome, Google’s popular browser, will start marking HTTP sites as not secure beginning tomorrow. On July 24, 2018, Chrome will mark all plain HTTP sites as “not secure.” Google has given webmasters and publishers six months’ notice of this upcoming change, and it is now going live tomorrow.
Instead of the small “i” icon for HTTP URLs, Chrome will add a “Not secure” label of text to that. Here is what it looks like today before users upgrade to Chrome 68. Note, most of those who download Chrome are set for automatic browser updates and thus will be upgraded to Chrome 68 automatically in the future.
It is strongly recommended to upgrade your website to HTTPS URLs and be secure, even if your site does not ask for payment information, logins or other private information. Depending upon the size of a site and scope of the project, a migration from HTTP to HTTPS can be quite an undertaking. Check out the resources below for in-depth guides to making this change on your or your client’s sites, along with resources for validation and dealing with mixed content issues.
- HTTP to HTTPS: An SEO’s guide to securing a website
- A comprehensive guide to SSL certificates
- Using the Mixed Content audit tool in Lighthouse
Postscript: Google has posted on their Chrome blog that on July 24th they are “rolling out these changes to all Chrome users.” Starting in the latest version of Chrome (68), you’ll see a new “not secure” notification when visiting HTTP pages.