Google plans to mark HTTP sites as non-secure in Chrome, will start with password and payment pages in early 2017


Google prepares to make a significant change to how users get informed of security online. Starting in January 2017, Chrome will subtly mark payment and password pages as non-secure if they use HTTP instead of HTTPS. It is the first step towards marking all HTTP pages as non-secure with a more visible notice.

chromium blog

The above image shows what you can expect in the coming update which will be a part of Chrome 56. Instead of simply displaying the default icon. There you will found the “not secure” text on payment/password pages that only use HTTP. A page that’s served in HTTP makes it simple for an attacker on the same network. Just for modifying content before it reaches you. So called man-in-the-middle attack. Google starts with just payment and password pages because of their particularly sensitive nature.


The next step at an unknown future date will be for marking all HTTP pages as non-secure in Incognito mode. Especially, Google wants to display the above warning on all HTTP pages in Chrome. The much more explicit warning should get everyone’s attention. And encourage site operators for using HTTPS. Based on Google, the use of HTTPS in recent years has increased dramatically. More than half of all page loads in Chrome are now HTTPS. Google even has documentation to help websites implement HTTPS.

You May Also Like : Google Chrome Updates Available for Android with Quick Loading