In Chrome 68, released on July 24, Google announced that all HTTP sites will be labeled not secure, and that it plans to de-weight and rank HTTP sites in Google search results.
Last January, Google changed the policy to only use pages with login information, but now all pages, meaning that the browser will be more cautious when loading non-HTTPS sites. Chrome will begin to issue warnings whenever it encounters potentially unsafe sites.
Google explained the change:
Chrome’s new interface will help users learn that all HTTP sites are insecure and adopt secure HTTPS sites. HTTPS is more convenient and cheaper than ever, and it brings performance improvements and powerful new features that HTTP doesn’t have.
Chrome currently features the word “unsafe” in black, but eventually Google will label the word “unsafe” in red, with a red warning icon next to it, to further emphasize that HTTP sites should not be trusted.
HTTPS is more secure than HTTP transport
For the past two years, search giant Google has been focusing on the security of its Web site, and has been promoting the use of HTTPS for its Web site, which has achieved better results by changing the Chrome user interface.
More than 68 percent of Chrome traffic now comes from HTTPS, the more secure protocol, on Android and Windows, and more than 78 percent of Chrome traffic on Chrome OS and Mac. Eighty-one of the top 100 sites in the world use HTTPS by default.
Google believes that security is essential to the Web, and that the HTTPS protocol can better protect user data on the Web.
HTTPS is also known as HTTP Secure, or you can think of it as an encrypted version of HTTP. HTTP uses plaintext transmission, which gives attackers many opportunities to read plaintext passwords and tamper with pages. HTTPS is an upgraded version of HTTP. It is more secure and reliable than HTTPS because it involves many encryption and decryption processes and greatly reduces the risk of wiretapping, man-in-the-middle attack, or data tampering. Sites that use HTTPS have a ranking advantage over sites that don’t.
Web encryption to protect user accounts and passwords sounds like a perfectly normal description, but some HTTP sites have yet to be upgraded to HTTPS, which protects data. When users visit unencrypted sites, they unwittingly reveal personal data.
The main user groups of foreign trade enterprises and cross-border e-commerce enterprises are concentrated in Europe and the United States, Southeast Asia, Japan and South Korea, and Google Chrome occupies a very high share among these users. Therefore, foreign trade enterprises must take [HTTPS] into account before preparing for the launch of the website, so as to avoid the warning of Google’s “unsafe” label, which will cause users’ doubts and distrust.
For example, when A user browses similar websites, Chrome displays “Secure” because COMPANY A has HTTPS deployed, but displays “insecure” because company B has no HTTPS deployed. Under invisible contrast, company B is directly marked down in the minds of potential users, and users will choose Company A to A large extent, because Company A’s image is more credible to the third party and its corporate strength is more prominent.
HTTPS is imperative for the whole network
Through this Chrome update, with Chrome being the browser used by a considerable number of people, Google hopes to promote more security protection in data security, to protect the personal data of users when browsing the web.
In recent years, more and more third-party services have begun to recommend or even require HTTPS connection, such as wechat login, wechat Pay, SMS verification code, map API, etc., which are widely used. For example, Apple announced in WWDC in 2016 that The company expects all iOS apps in the official App Store to use secure HTTPS links to communicate with its servers. Baidu, 360, Sogou and other search engines have also announced that they will give priority to HTTPS websites.
It can be seen that HTTPS protocol is the general trend for websites. It is the only choice for enterprises to build stations.
How should webmasters who still use HTTP be prepared?
To upgrade a website from HTTP to HTTPS, you only need to deploy the SSL certificate. Select the SSL certificate type based on the actual application scenario and configure the SSL certificate on the website server. After the SSL certificate is successfully installed, the web address displayed in the address bar of the browser is the prefix HTTPS.
TrustAsia has expertise in Internet security, A series of network information security management solutions, such as SSL digital certificates of international well-known brands, SSL certificates of TrustAsia®, SSL certificate management of independent intellectual property rights, SSL protocol-level monitoring and certificate risk assessment, are provided for all industries to better ensure the sustainable stability of the website. We have a 7*24 hour one-to-one technical support service to respond promptly and quickly resolve SSL certificate deployment issues, helping websites to migrate smoothly from HTTP to HTTPS as soon as possible.