What’s happening with Chrome?
Alphabet (Google’s parent company) recently announced that as of October 2017, Chrome version 62.x and higher will start displaying websites that aren’t secured with HTTPS with a “Not Secure” signifier next to the URL.
For now, this will only be shown when entering data during normal viewing, but will show at page load and when entering data for incognito viewing.
What about other browsers?
So far, Mozilla Firefox, Safari and Microsoft Internet Explorer/Edge currently aren’t displaying anything prominent when a page isn’t secure, but that doesn’t mean that won’t change in the future.
Each browser does display a padlock when a page has HTTPS and is secure, but they don’t show anything if using HTTP.
What do pages using only http: look like in Chrome?
In regular browser windows, non-secured HTTP pages will load normally, until someone interacts with the page. If you start typing in information, filling something out, checking on a button, the Not Secure signifier will appear. Refreshing the page removes this signifier until the page is interacted with again.
During incognito browsing, the Not Secure signifier will appear and stay immediately during page-load, and will remain for as long as you’re on the site.
Are HTTP security warnings happening on mobile? Android?
As of October 2017, this update has not gone live to chrome for Mobile, or for Android. Alphabet has not yet announced when/if this change will be pushed to Chrome for Mobile and Android.