HTTP Websites are ‘Not secure’ With Google Chrome 69

by

Chrome browser with new tabs and address bar introduced version 69 released in September

The September release of Chrome 69 is the first major facelift since its release in 2008. The style changes are immediately noticeable when Chrome is loaded up the first time after the update has been installed.

The tabs have a softer, lighter design with rounded tabs, replacing the dated angular grey tabs Chrome has used for years. The address bar has rounded ends and a softer appearance than before.

HTTPS Secure Websites

Chrome release 69 address bar with padlock only to indicate it is using secure https

What may not have been immediately noticed is the green Secure in the address bar no longer exists. Websites with a secure certificate using HTTPS no longer have the distinctive green padlock and the word Secure before the URL displayed in the address bar.

Chrome release 69 address bar with padlock and business name only to indicate it is using secure httpsA grey padlock is displayed which can still be clicked to view the details of the certificate like before. If the website certificate is the more thorough extended validation certificate, the business name appears more predominately next to the padlock.

Google has made this change is to reverse the default behaviour to show secure websites as an exception to the normal ‘Not secure’ websites. ‘Secure’ is now normal and ‘Not secure’ is the exception.

HTTP Not Secure Website

Chrome release 69 address bar with 'Not secure' when used with http based websiteStarting with Chrome release 69, websites still using HTTP without a certificate now have ‘Not secure’ displayed in the address bar at all times.

Earlier versions of Chrome only displayed ‘Not secure’ when information is entered in a form field on the webpage. The recent change is the next step and this is not the final step, which we mentioned in HTTPS is normal, HTTP is Not Secure earlier this year.

The green ‘Secure’ in the address bar made it stand out, whereas the grey ‘Not secure’ doesn’t stand out as much as the green. Eventually, it is intended for the ‘Not secure’ to stand out more displayed in red.

Have You Upgraded To HTTPS?

If you haven’t already updated your website with a certificate to use HTTPS, it is time to change. The need to change shouldn’t be a surprise, as Google first announced the changes in 2016 and have made continual changes to the Chrome browser since.

The cost of SSL certificates is much more affordable than they were many years ago. Rubidyn have SSL certificates available for most budgets, starting with budget focused Domain validated certificates.

If your website is still using HTTP without a certificate, are there reasons you haven’t changed to HTTPS? If so, we’d like to hear why in the comments below.

Leave a comment