From the Chrome Security blog, back on February 8:

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

A few thoughts on this.

  • First, a gentle reminder that calling these certificates SSL certificates is no longer using accurate nomenclature, despite some people still clinging onto the term.1 The correct term is TLS. Here’s a good article that explains, if you’re unfamiliar.
  • It’s amusing to me that Google is still using Blogger as its platform for content.
  • I’d love to see a future version of Chrome treat non-mobile-friendly sites with a similar harsh treatment.2
  • Lastly, if you have a site that doesn’t yet adhere to HTTPS, you can get with the program for free with Cloudflare. It’s what Drinking Caffeine has been using for a while now, and it rocks.

  1. GoDaddy, for instance:

    Get a little green lock for your site with a trusted SSL certificate. It shows your visitors that their data is safe, makes Google happy and speeds up load time on HTTP/2. It’s a win-win-win.


  2. When I run a Google Mobile-Friendly Test on a certain obnoxiously curmudgeon site I get this:

    Page is not mobile friendly
    This page can be difficult to use on a mobile device

    Not groovy, JG.