When loading a website over HTTP, it is possible for someone else on the network to view or modify the site before it is delivered to you, meaning sensitive information such as passwords, banking details and other private data are at risk of being stolen.
Sites loaded over the HTTPS protocol, with the “S” at the end standing for “Secure”, indicate that communications between your browser and the website are encrypted and thus more secure. Not only does this mean that information cannot be intercepted, it also creates a sense of trust and confidence for those accessing a site.
Historically, Chrome has not explicitly labelled HTTP connections as non-secure in the address bar of its browser.
Previous versions of the browser indicated HTTP connections with a neutral indicator, which according to Emily Schechter of Google’s Chrome Security Team, didn’t “reflect the true lack of security for HTTP connections”.
Schechter notes that Google’s plan to label HTTP sites more clearly and accurately as non-secure will take place gradually, based on increasingly stricter criteria.
Chrome 56, the latest beta version of the browser, will mark HTTP pages with password or credit card form fields as “not secure” since they are particularly sensitive to security breaches.
According to Motherboard, several companies and organisations have been pushing for more encrypted sites as part of a campaign to “Encrypt All The Things,” which consists of promoting more websites to abandon the traditional, less secure HTTP protocol and adopt HTTPS.
HTTPS usage is growing, with Google saying more than half of the desktop pages on Chrome have been served over HTTPS.
In future releases, Chrome will carry more HTTP warnings. “Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” writes Schechter.
• Contact us for more information about setting up encryption on your website