Google Wants to Spotlight Non-Secure Sites

Google Chrome has released a proposal to make all non-secure (http) sites obvious to the user by default.

The goal of this proposal is to more clearly display to users that HTTPS provides no data security...We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.

Right now, Chrome's security warnings are a green padlock for secure https, a white 'page' for non-https, and a red 'X' for https pages that have a problem with their certificate.

The plan is to shift the non-https from the neutral white to the red X. To see it in action, type chrome://flags/ within a Chrome browser, scroll down to mark non-secure as and then change the default to mark non-secure origins as non-secure.

Mixed Content Issues?

If you've got mixed content issues that would lead to that glaring red padlock (a secure site with non-https content), Googler John Mueller shared a tool on G+ from report-uri.io that will help you determine the pages where the content issues take place so you can fix them. Find detailed instructions on how to set the tool up here and read Mueller's G+ post below.

Getting Your SSL Certificate

If you're trying to make the shift to secure, it's really not as hard as it seems. We have a great resource that will help guide you down that path here, "Time ...