With the change, every site now gets a label in its address bar: "Secure" if the site is loaded over HTTPS, "Not Secure" otherwise. In September, Google will make another change and remove the "Secure" label, marking the transition to a world where secure HTTP is the default rather than the exception.
Most major online sites and services do now support and default to HTTPS. Correctly configured, servers should redirect any attempt to access a page over insecure HTTP to secure HTTPS, ensuring that a site cannot be intercepted or tampered with. However, Troy Hunt—creator of the Have I Been Pwned service—has found that a number of popular sites can still serve content insecurely.Advertisement
Nintendo Switch - Neon Red/Neon Blue£279.99 Buy Now at Amazon
Sometimes we include affiliate links to help fund the website and we do receive a small commission. At no extra cost to you, the prices remain the same.
Sometimes this is because a site doesn't redirect at all from HTTP to HTTPS; other times it can be more subtle, such as certain pages allowing HTTP even when the site is otherwise configured correctly. This includes some very high traffic domains, such as Chinese search engine baidu.com, Twitter's URL shortener t.co, and the BBC's international website bbc.com. Whatever the cause of these misconfigurations, the result is that even though they're normally served securely, a bad or malicious link could result in someone visiting the sites insecurely.
There are even some sites with a completely broken configuration. For instance, the UK's Daily Mail, dailymail.co.uk, is presently using an incorrect certificate for its SSL version, meaning that only the insecure version is available.