Google will warn you that the site of HTTP connection will be "unsafe"

Google has disclosed a policy to treat sites that use HTTP connections when sending passwords and credit card information as "unsafe" sites on the Google Online Security Blog and Chromium Blog on the official blog.

Google Online Security Blog: Moving towards a more secure web
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

Chromium Blog: Moving Towards a More Secure Web
http://blog.chromium.org/2016/09/moving-towards-more-secure-web.html

Google actively introduces HTTPS connection that encrypts communications with web pages, such as always making Gmail connection method HTTPS in 2014. Chrome 53, which is the latest version at the time of article creation, does not specifically display warnings other than exclamation marks when connecting to an HTTP connection website, but from Chrome 56 scheduled to be released in January 2017, If you connect to an HTTP site that sends credit card information, you will get a warning "Not secure" in addition to an exclamation mark.


User survey, It turns out that many users have not noticed the exclamation point mark meaning HTTP connection, and since some exclamation point marks are frequently displayed among users, they are ignored There are voices saying. In response to these users' feedback, it is said that warnings are displayed.

First of all, we will start to display warnings in incognito mode mostly used by security-conscious users, and then warn about all HTTP pages. Also, we will change the exclamation point and warning sentence in red so that the user's attention is drawn.


Google is calling webmasters using HTTP connections to change to HTTPS as soon as possible rather than changing the specifications after Chrome 56 was released. According to Google, changes to HTTPS are easier and cheaper than before.

You can check the guide on changing to HTTPS from the following URL.

Encrypting data in transit | Web Fundamentals - Google Developers
https://developers.google.com/web/fundamentals/security/encrypt-in-transit/