Prepare for the future of a
totally encrypted (HTTPS) web
The web browsers want the entire internet encrypted immediately. And they’re using a number of initiatives to accomplish thaat. Back in February of 2016, when this push began, just 3% of the internet was encrypted (per a Netcraft report). Today, Google measures encrypted traffic at around 50%. That’s serious progress, but still a long way from complete encryption.
So hurry, because the browsers are done asking nicely.
Encrypt every website with SSL/TLS, or else...
The browser community is not messing around when it comes to its push for universal encryption. Though the browsers originally started by incentivizing HTTPS, today they are actively penalizing websites that are still served via HTTP.
Early in 2017 Google began warning users when websites had insecure login fields. Then in October, the warning expanded to any insecure text field. Just recently, Google issues a warning and adds a “Not Secure” indicator next to the URL. Other browsers will follow suit soon.
Chrome makes features only available via HTTPS
Google Chrome is also only deploying certain popular and powerful features to sites with SSL/TLS. One of these features is Geolocation. With version 50 and beyond, Chrome will no longer support obtaining a user’s location on HTTP sites. Another popular feature is device motion & orientation, so if you want your site to respond accordingly, you must install an SSL certificate.
Gmail marking emails that are sent from non-secure mail servers
Per Netcraft, 82% of mail servers are not using a publicly trusted SSL certificate. In response to this, Google has started flagging emails originating from unsecured mail servers.
Once a mail server has an SSL certificate installed on it, Gmail recipients will be told that the email they open was delivered from an encrypted source, along with a link to learn more if they are unfamiliar.