HTTPS Everywhere: Powered by Google. Supported by Rayveon
Google Chrome started marking all non-HTTPS sites as ‘not secure’ July 2018
In case you haven’t already heard, Google Chrome started marking all non-HTTPS sites as ‘not secure’ July 2018. That means if you visit a site that is not encrypted with an SSL (or TLS) certificate, Google will let you know that the site is not secure by displaying the words ‘ Not secure ’ in the omnibox on Google Chrome.
This update coincided with the release of Google Chrome 68, on the path to a safer, more secure web where HTTPS is the default standard for all websites.
Where it began
Google’s push for ‘HTTPS Everywhere’ began in June 2014. During an informative session facilitated by Ilya Grigorik (Webmaster Trends Analyst) and Pierre Far (Web Performance Engineer), Google announced its vision and laid out the necessary steps one should take to properly secure a website – including how to make the switch to HTTPS, best practices, user benefits and more.
That same year, after a series of ranking signal tests yielded positive results, Google officially began using HTTPS as a ranking signal in its search algorithm. With this change, HTTPS sites got a slight Google ranking and index boost (which might increase in the future) over non-HTTPS sites.
The next big development arrived in January 2017, when Google began marking all non-HTTPS sites that received passwords or credit card information as ‘not secure.’ And by late 2017, Google added all non-HTTPS sites on which data was being entered and all non-HTTPS sites being visited in incognito mode to its roster of sites to mark ‘Not secure.’
Last, but certainly not least, in Feb 2018 , Google announced its plan to start marking all non-HTTPS sites as ‘not secure’ by mid-2018, bringing us to where we are today. If Google’s announcements and developments seem to have arrived steadily and gradually, it has been 100% intentional. Google wanted to give site owners plenty of time to migrate their sites to HTTPS as painlessly and seamlessly as possible. In essence: “Don’t say we didn’t warn you.”
SSL explained if you aren't familiar
SSL stands for Secure Sockets Layer, and puts the ‘ S (which stands for secure )’ in ‘ HTTPS .’ SSL encrypts data being transferred over a server so that it will be protected, particularly as it travels from sender to recipient.
Any time you send information through an HTTPS site, its server will issue a certificate and use it to verify that the recipient is legit (authentication), encode your information so that it’s readable only to the recipient (encryption), and send it to the recipient, who will have to use a key to ‘unlock’ and read your information. Any information you send is viewable on every computer that passes it along to the recipient. Encryption prevents your information from being compromised or stolen along the way.
In short: get on board or get left behind
The end of HTTP is near. If you’re not convinced by the fact that the world’s largest and most trusted search engine is backing this endeavor (and rewarding HTTPS sites with better SEO), you should also consider the fact that many new website features require SSL encryption to even function in the first place. For example, sites that accept any type of card payment are required by the PCI (Payment Card Industry) to have SSL/TLS encryption. Count on HTTPS being a M-U-S-T if you want to stay current, or you’ll run the risk of being left behind.
