There Are About to Be Far More ‘Non-Secure’ Sites on the Web

Inside The Google I|O Developers Conference
Sundar Pichai, senior vice president of Android, Chrome and Apps for Google Inc., watches a demonstration during the Google I/O Annual Developers Conference in San Francisco, California, U.S., on Wednesday, June 25, 2014. Google Inc. unveiled a new version of its Android software for smartphones and other devices as it battles Apple Inc. to be the foundation for mobile technology. Photographer: David Paul Morris/Bloomberg via Getty Images
David Paul Morris—Bloomberg via Getty Images

Expect to see more security warnings from the world’s most popular web browser in 2017.

Google (GOOG) Chrome, the search giant’s flagship browser, will begin labeling more websites as dangerous starting next year, according to plans previewed with Fortune. The change will affect certain unsecured webpages that feature entry fields for sensitive data, such as passwords and credit card numbers.

Get Data Sheet, Fortune’s technology newsletter.

A note of caution will emblazon any webpages asking for sensitive data that are powered by HTTP—a standard data transmission protocol—rather than HTTPS—a newer and more secure specification favored by many cybersecurity experts. In the address bar, you’ll notice a new prefix: “Non secure.”

Google Chrome URL security warning
Courtesy of Google

See also: How Hackers Plan Attacks and Hide Their Tracks

The move represents a step forward in the Web’s steady, inevitable march from HTTP (Hypertext Transfer Protocol) to HTTPS (Hypertext Transfer Protocol Secure). The latter version is sealed with protective encryption, preventing snoops and middle-men attackers from eavesdropping on, stealing, or manipulating data sent between an online service and a user, (thus keeping things like your bank account login details private, for instance).

Most websites that trade in confidential data, like banks and e-commerce outfits, have recognized the virtues of HTTPS, and began employing it long ago. Google, which prides itself on the security of its product, wants that mindset—and the quantity of Internet traffic protected with encryption—to spread.

“We will begin our plan to label HTTP sites more clearly and accurately as non­-secure in gradual steps based on increasingly stringent criteria,” writes Emily Schechter of the Chrome security team in a blog post. “Eventually, we plan to label all HTTP pages as non-­secure.”

For more on Chrome, watch Fortune’s video:

Google has already begun pushing for HTTPS in other ways. Recently, the company began boosting the rankings of websites that use HTTPS, using its search algorithm. Other companies, such as video streaming service Netflix (NFLX), have been rolling out the tech for some time.

The update is slated to be part of Chrome version 56, due out in January, Google said. In future updates, the company says it will begin to denote HTTP pages displayed in the browser’s more private “incognito” mode as “non secure,” too. Eventually, the Google team plans to deploy a more alarming red triangle “warning” icon for HTTP sites, it said.

For website owners everywhere, the development portends an inexorable trend: Google’s intentions are clear, and the days of HTTP are drawing to a close.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.