Chrome To Explicitly Mark HTTP Connections As Non-Secure

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Profile image of Mattias Geniar

Mattias Geniar, December 13, 2014

Follow me on Twitter as @mattiasgeniar

So 2015 will be the year of HTTPs/SSL/TLS. Chromium, the project behind Chrome, is making plans to mark HTTP connections as “non-secure”.

We propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.Chrome Security Team

If Eff.org’s efforts to offer free SSL certificates pays of, the step to change HTTP to HTTPs for site owners may be just a little smaller. But running an HTTPs site is not without dangers, as bad implementations can knock your site offline.

This move seems to fit Chrome’s plan to push the SPDY/HTTP2 forward, as it’s built on TLS connections. But at what cost?

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.