Previously, Google posted a proposal to mark all HTTP pages as definitively “not secure” and remove secure indicators for HTTPS pages. HTTPS usage on the web has taken off as Google have evolved Chrome security indicators. Later this year, we’ll be taking several more steps along this path.
Users should expect that the web is safe by default, and they’ll be warned when there’s an issue. Since we’ll soon start marking all HTTP pages as “not secure”, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure. Chrome will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018 (Chrome 69). Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70), we’ll start showing the red “not secure” warning when users enter data on HTTP pages.