Technology Blog »

All HTTP Websites are Unsecure, says Chrome


HTTP unsecured says Chrome

Ever since Chrome evolved its security indicators, HTTPS usage has become critical on the web. Using HTTPS has become a requirement for many new browser features, now that Chrome has made it easier than ever to set up HTTPS. Let’s take a look at how:

For the past several years, Google has strongly advocated that sites use the Secure HyperText Transfer Protocol (HTTPS) encryption, which would lead to an all-around more secure web. Last year Google began to mark some HyperText Transfer Protocol (HTTP) as “not secure,” as a way to warn users about unencrypted websites and to push these websites to adopt HTTPS. In July 2018, a new Chrome update will have the browser marking every HTTP site as “not secure.”

Chrome’s move has been successful in bringing on increased HTTPS usage. Out of the top 100 sites on the web, 81 defaults to HTTPS, and the majority of Chrome traffic is already encrypted. Over 68% of Chrome traffic on Android and Windows is now protected, and this number rises to over 78% traffic on Chrome OS and Mac.

 

HTTPS: The benefits and difference

What's the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site's owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

 

#1 HTTPS protects a site's integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject Malware into otherwise legitimate pages.

 

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

 

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let's Encrypt and Google's Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren't possible with HTTP.