Google made big news last week when they announced that Chrome 68 would mark all websites without SSL certificates as «Not Secure». While the move was highly anticipated by many it will still be a disrupting process for many website operators who have yet to embrace the non-tangible benefits of HTTPS.
This post will not get into those non-tangible benefits, nor will it discuss how to get a 100% trusted SSL certificate for free. Instead, this post will quickly show you how you can preview what browsing the web with Chrome will look like after the release of version 68 this summer, and possibly more easily identify some of your own web properties that need updating.
In Chrome, navigate to chrome://flags/#mark-non-secure-as — this will open Chrome’s settings, and navigate to a list of experimental features, and specifically the one we’re interested in «Mark non-secure origins as non-secure». Before we get ahead of ourselves, however, I should pause an reiterate the warning Chrome is showing you at the top of your page right now. These are marked as experimental for a reason, so be careful enabling flags you don’t fully understand.
If you click the drop-down to the right of the «Mark non-secure origins as non-secure» and select «Always mark HTTP as actively dangerous», you will be prompted to restart Chrome. Do that.
To test out this change, navigate to a non-HTTPS website. A good example is always example.com. If everything is setup correctly, you should see this in your address bar:
Browse away, knowing that you’re getting a preview of what everyone will see starting later this year. If you ever change your mind, you can always revisit chrome://flags/#mark-non-secure-as and change the setting back without harm. Other than the more obvious warning on non-HTTPS websites, however, no other change should have occurred, and regular HTTP websites continue to load just fine, albeit with a more obvious warning.