To force website developers to a more secure online status the world’s most popular browser, Chrome, will be a tool for Google: go HTTPS or go home.
Google will begin in January to warn internet users when a site has not yet updated to the more secure HTTPS web connection by flagging it as continuing to use the far less secure HTTP connection.
HTTP or Hypertext Transfer Protocol has been since nearly the beginning of the World Wide Web the preferred connection method between users and websites. HTTPS adds a security layer, long used for sensitive information transfer, by adding encryption. For the last ten years or so HTTPS has been used increasingly to not only protect the transmission of sensitive data but also as a way to authenticate websites.
Google’s push to flag on Chrome sites continuing to use the only HTTP will no doubt push even the most recalcitrant web developers to HTTPS.
“Our plan to label HTTP sites more precisely and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria,” explained the Google Security Blog. “Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure,’ given their particularly sensitive nature.
The shift to the more secure HTTPS is gaining steam.
“In following releases, we will continue to extend HTTP warnings, for example, by labeling HTTP pages as ‘not secure’ in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to mark all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”
“A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing,” says Google. “We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. Also, since the time we released our HTTPS report on February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS.” states Google.
Photo Credit: Matthew Weibe on Unsplash
WP4Good Club members receive free Let’s encrypt certificate
Birgit here: Let us know if you have any questions about this. We provide members of WP4Good Club free SSL certificates via Let’s Encrypt initiative of the Electronic Frontier Foundation and our hosting partners. Connect with us, if you have questions via [email protected] or send a message from this page: