The Move From HTTP to HTTPS
From July 2018 onward, all sites that do not use the HTTPS encryption will automatically be flagged by Google’s Chrome browser. According to reports, this is in line with the launch of Chrome 68, where all HTTP sites will be marked as “not secure” and this will be prominently highlighted in its URL bar. At present, Chrome displays a neutral information icon, but with the version 68, users will be warned with an extra notification in the address bar. It was announced that this was due mainly to the increased HTTPS adoption, with more than 81 of the top 100 sites on the web defaulted to HTTPS. Furthermore, a large majority of Chrome traffic is already encrypted.
Final Reminder From Google
Over the last few years, Google has already been alerting users, but this is the final reminder. The reason for this is because HTTPS encryption will protect the channel between the website you are visiting and your browser. This would help ensure no one can tamper with the traffic or spy on what you are doing. Without the encryption, it is possible for a third party to gain access to your router or ISP and intercept information or worse, inject some malware. With projects like Let’s Encrypt and others, it is very easy to enable HTTPS for almost every site – giving site almost no excuse as to why they should not make the move. In fact, even now, mixed in the latest Node CLI version of Lighthouse, there are mixed content audits available to help with the migration. This new audit in Lighthouse, developers can easily locate which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS. This is done simply by changing the sub-resource reference to the HTTPS version.
Overall, according to reports, HTTPS is now much easier and cheaper than ever before, and unlocks both performance improvements and powerful new features that are too sensitive for HTTP. However, one has to remember that the process of enabling HTTPS for existing sites is not trivial and there are chances some webmasters and developers may opt to keep things running as they are, despite the warnings that Chrome will soon show their visitors.