Well, it’s finally happening: Starting with its next major release, Google Chrome will flag websites that are not delivered over HTTPS.
Google first announced its plans for this change way in September 2016, when it noted that Chrome didn’t then accurately reflect the lack of security in websites delivered over HTTP.
Since then, Google’s attitude towards insecure website has evolved, however. In October 2017, it announced that it would reverse how website security is identified in Chrome. Now, instead of showing a secure badge for HTTPS sites, it would display nothing; and it would display a “not secure” badge for HTTP sites.
Those changes arrive over the next two Chrome releases. Chrome 68, which Google plans to release today, on July 24, will now flag HTTP sites as “not secure.” And with Chrome 69, due in October, the browser will no longer flag HTTPS as “secure”: Instead, that will be the expectation for websites and only exceptions will be highlighted.
(Note that Thurrott.com has been delivered over HTTPS since its inception in January 2015. –Paul)