Today’s the day that Chrome brands plain old HTTP “not secure”July 24, 2018
Since February, Google has planned to brand non-HTTPS sites as “Not Secure,” and today, with Chrome 68, that change is being rolled out to a wide audience.
With the change, every site now gets a label in its address bar: “Secure” if the site is loaded over HTTPS, “Not Secure” otherwise. In September, Google will make another change and remove the “Secure” label, marking the transition to a world where secure HTTP is the default rather than the exception.
Most major online sites and services do now support and default to HTTPS. Correctly configured, servers should redirect any attempt to access a page over insecure HTTP to secure HTTPS, ensuring that a site cannot be intercepted or tampered with. However, Troy Hunt—creator of the Have I Been Pwned service—has found that a number of popular sites can still serve content insecurely.