Google Chrome will no longer show safe website indicators, as the company continues its efforts to achieve a 100% HTTPS web
Google continues to make changes to Chrome’s address bar. The company is testing a new feature in Chrome 93 Beta that will no longer show safe website flags. Google believes this should encourage developers to only use HTTPS on their sites. Being the most used browser in the world with more than 60% of market share, this bet could help to have only HTTPS connections in the future. This change also comes a few months after Google announced that Chrome’s address bar will start using “https://” by default.
Google has been making concerted efforts for several years now to get websites to use only the HTTPS protocol in order to provide a safer browsing experience. To encourage web developers to use only the HTTPS protocol on their sites, the online search giant has introduced this protocol as a ranking factor in the SERP (Search Engine Result Page). This means that developers who don’t host a secure site have experienced a potentially minor drop in their ranking in Google’s search results. This measure seems to have borne fruit.
In fact, according to the “HTTPS encryption on the Web” section of the Google Transparency Report, over 90% of all connections in Chrome are currently using an HTTPS connection. To continue this momentum, Google announced that Chrome will no longer indicate whether a site you visit is secure, but only if you visit an unsecured site. In fact, currently when you visit a secure site, Google Chrome displays a small locked icon indicating that your communication with the site is encrypted as shown below.
With most communication between websites now secure, Google is currently testing a new feature that removes the lock icon for secure sites. This feature is experimental in Chrome 93 Beta and Chrome 94 Canary, but you can test it by enabling the “Omnibox Updated connection security indicators”. When this feature is enabled, Chrome only displays security indicators when the site is not secure. Google has, however, provided an option to allow companies to re-enable the HTTPS security flag.
Google has added a corporate policy for Chrome 93 called “LockIconInAddressBarEnabled” which can be used to re-enable the lock icon in the address bar. As a reminder, HTTPS is a mechanism that allows your browser or application to connect securely to a website. This is one of the measures put in place to make your browsing safe, which is important, for example, when you log into your bank’s website or when entering payment card information in an online store.
For those who want to test turning off the Chrome Security Flags feature, you can turn it on in Chrome 93 Beta or Chrome 94 Canary by following these instructions.
- type chrome: // flags in the address bar and press the enter key;
- search for “security indicators”;
- when the “Omnibox Updated connection security indicators” indicator is displayed, click on “Default” and select “Enabled”;
- then relaunch the browser when prompted.
Google will no longer tell you if a site is secure and will only display an indicator when you visit an unsecured site. It’s important to note that Google has announced this change since 2018. “Users should expect the web to be secure by default, and they’ll be notified if something goes wrong. Since we will soon start marking all HTTP pages as ‘insecure’, we will remove the positive security flags from Chrome so that the default untagged state is secure, ”he told the era.
“Chrome will implement this over time, starting with removing the ‘Secure’ label and HTTPS scheme in September 2018 (Chrome 69),” added Emily Schechter of Google. This approach is part of the company’s efforts to try to redesign Chrome’s address bar. Last March, Google announced that Chrome’s address bar will now use “https: //” by default. According to the company, this should improve the privacy and loading speed of websites that support this protocol.
Then in a blog post last month, Google reported that an HTTPS-First mode will be added to Chrome to prevent attackers from intercepting or eavesdropping on users’ web traffic. “When a browser connects to websites over HTTPS, spies and attackers on the network cannot intercept or modify any data shared through that connection (including personal information or the page itself). This level of privacy and security is vital for the Web ecosystem, which is why Chrome continues to invest in making HTTPS more widely supported, ”he explained.
Starting with Chrome 94, the browser will offer HTTPS-First mode, which will attempt to upgrade all page loads to HTTPS and display an entire page warning before loading sites that don’t support it. As if to encourage Internet users, Google explains that “users who activate this mode can be assured that Chrome connects them to sites over HTTPS whenever possible and that they will see a warning before connecting to sites over HTTP.
“Based on feedback from the ecosystem, in the future we will attempt to make HTTPS-First mode the default mode for all users. Mozilla also shared its intention to make HTTPS-only mode the future of web browsing in Firefox, ”the company said. Google is one of the entities that has been pushing the industry a lot to switch to HTTPS. We can cite several of his initiatives:
- in August 2014, Google’s search algorithm began using HTTPS as a ranking criterion to give sites using the secure protocol a little more weight in its search results. At the end of 2015, Google announced that its search engine had started indexing HTTPS pages by default;
- in 2017, under Chrome 62, Google started marking HTTP connections as “insecure”. In August of the same year, web developers whose sites were still in HTTP were notified by email from Google. The publisher nevertheless specified that this would be done in two additional situations: when users enter data on a page in HTTP (special attention on sites where users enter sensitive information such as passwords or numbers credit from browser version 56) and when they visit HTTP pages via “private browsing” mode.