Default Non-Secure Flag for HTTP Coming to Chrome

Add Your Comments

Google is working to make its flag marking HTTP sites as insecure in Chrome a default warning, according to a Chromium issue tracking page. A flurry of announcements from Google related to Chrome and security have served to lay the ground-work for a change the company said in 2014 was necessary to allow users to make informed web security decisions.

Chrome marks HTTP sites with a red “x” over the “site information” portion of the URL bar to “mark non-secure origins as non-secure” when the currently optional feature is manually enabled by entering “chrome://flags/” in the URL bar. The option was included in updates following Google’s announcement in 2014 that it wanted to shift gradually from HTTP sites being unmarked to a clear indication of non-secure origin.

The company followed by changing its search ranking algorithm to reflect the prioritization of HTTPS soon after, and this past December announced it was adjusted its indexing system to look for HTTPS equivalents of HTTP pages.

Google showed off the new default flag at the Usenix Enigma 2016 conference on Tuesday, following the unannounced appearance of the issue tracking page earlier in January, which makes the company’s approach to signaling non-secure connections clear.

“Our goal is to mark non-secure pages like HTTP using the same bad indicator as broken HTTPS, since this 1) is more accurate than marking such pages as neutral, and 2) simplifies the set of security indicators,” the post says.

While no change has been officially announced, and a Chrome blog post Wednesday detailing the latest browser update makes no mention of it, the Chromium blog introduced a new security panel in its Chrome 48 beta “DevTools.” The new tool allows developers to site administrators to troubleshoot certificate verification, TLS connection, and subresource security.

All US federal government websites will be required to use HTTPS by December 2016, and the Let’s Encrypt program continues to pick up steam, as the organizations and individuals whose content makes up the Internet move towards the new, fast-approaching standard.

Add Your Comments

  • (will not be published)