Browser Non-HTTPS Website Warning

Google have announced that all HTTP sites will be marked as insecure in version 68 of their Chrome browser, in an effort to encourage site owners to transition to HTTPS.

Threat ID:: CC-2346
Category:
Threat Severity:: Low
Threat Vector:
Published:: 16 May 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Google have announced that all HTTP sites will be marked as insecure in version 68 of their Chrome browser, in an effort to encourage site owners to transition to HTTPS.

Threat details

Chrome will display a warning message and notification to all users visiting any site not using HTTPS. Mozilla have also announced that their Firefox browser will begin marking non-HTTPS sites as insecure, although they have not given an indication of when this will start.

Alongside the well-documented security risks associated with HTTP, the notification of users that a site is insecure also brings a considerable reputational risk.

For further information:

Remediation steps

Type	Step
	Organisations should install TLS certificates on all their non-HTTPS sites.

Last edited: 17 February 2020 12:39 pm