Chrome to remove 'secure' and padlock icon for HTTPS

Google will treat Transport Layer Security encrypted pages as the default soon with no indications shown, and call out unencoded HTTP web content as unsafe.

As part of a long-running move to push website admins and hosters to remove the last vestiges of HTTP use, Chrome version 69 - which arrives in September - will remove the "secure" wording for HTTPS pages and later on, remove the padlock icon as well.

Currently, Chrome displays a padlock and "Secure" in green letters for HTTPS secured sites.

Chrome product manager Emily Schechter explained that users should expect a safe web by default, and be warned if there are issues.

Thanks to increasing HTTPS usage, it is now possible to assume the default, unmarked state of a web page is secure, Schechter said.

In February this year, Google issued an advance warning that starting with Chrome version 70 due out in October, all clear-text, unencrypted HTTP pages will be prominently marked as "not secure" by the web browser.

Originally, the "not secure" warning was to be introduced in Chrome version 68.

The vast majority of traffic across Google is now SSL encrypted, analysis by the company shows.

Older mobile devices remain an issue however, as they do not support modern encryption, standards or protocols and cannot securely encode communications, Google's analysis noted.

Such devices might not ever support encryption, as they often do not get software updates.

As a result, older mobile devices account for over 95 percent of unencrypted traffic to Google.