There has been a proposal for a long time in Chrome to flag HTTP as insecure. The motivation for this is: all sites over HTTP are entirely lacking encryption, so why should they appear “safe” while sites with weak encryption trigger warnings? The sensible thing to do is to have an even stronger warning for these sites.
Chrome has for a long time supported the option
which can be accessed by going to
selecting “Mark non-secure origins as non-secure” (fitting name for an option)
in the dropdown. After enabled, this is what you’ll see in the address bar
upon visiting an HTTP site:
There is no decision on when this change will become the default and the web is not ready for this just yet. An interesting way to go would be to incrementally make the icon color more red over a period of years. This would slowly motivate people to switch to HTTPS.
To get with the times, it might be a good idea to set up Let’s Encrypt. You certainly don’t want to trigger the warning above, once the time for it comes.