Chrome 68 will mark all HTTP sites "not secure"

         

robzilla

8:51 pm on Feb 8, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
Source: A secure web is here to stay [security.googleblog.com]

No surprise here, of course. For those still on HTTP, you are now a minority [httparchive.org] (at least in the Alexa Top 1M).

A decent checklist for moving to HTTPS can be found here: HTTP to HTTPS: An SEO’s guide to securing a website [searchengineland.com]

keyplyr

3:16 am on Feb 9, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Note the language has now changed from "pages" to "sites."

robzilla

9:40 am on Feb 9, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Good catch. Pages was probably more appropriate then because the warning only triggered when a form was present.

Now it's becoming a site-wide thing. I applaud them for pushing HTTPS as much as they are, it's really making a difference.

engine

10:37 am on Feb 9, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



This is potentially very significant.
That notification is really going to mean traffic drops if people actually look at it and understand it. If they misunderstand it, the message could put people off thinking they may have problems with the site.
I suspect many will not actually click through to a site in the SERPs.

Added, here is some of the coverage on WebmasterWorld on HTTPS
Can changing site from HTTP to HTTPS impact SEO? [webmasterworld.com]
Be HTTPs by October or Chrome will show "not secure" flag [webmasterworld.com]
Upgrade to HTTPS - Absolute vs. Relative Links? [webmasterworld.com]
What will happen if I don't switch to HTTPS? [webmasterworld.com]
HTTPS and Adsense [webmasterworld.com]

keyplyr

10:56 am on Feb 9, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Chrome desktop & mobile just updated to v64 a few days ago. If we're to see v68 at the beginning of July, that amounts to roughly a new browser version each month.

robzilla

11:25 am on Feb 9, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I suspect many will not actually click through to a site in the SERPs.

Last I heard, there are no plans to mark sites as insecure in the SERPs, so people would have to notice the missing "https://" in the URL.

keyplyr

12:05 pm on Feb 9, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I suspect that at some point in the future, any unsecure site will either be significantly demoted, or removed from SERP altogether.

engine

12:38 pm on Feb 9, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Last I heard, there are no plans to mark sites as insecure in the SERPs, so people would have to notice the missing "https://" in the URL.

That'll be an interesting one. It won't be long, I'm sure, hence my comment.
I suspect that at some point in the future, any unsecure site will either be significantly demoted, or removed from SERP altogether.

That's my feeling, too. It'll mean Google can clear out all the old sites from the SERPs.

I wonder if cached will show the same in the browser.
https://4.bp.blogspot.com/-oAJeUbJnMuI/WnyIVo784XI/AAAAAAAAA3I/3taa_6tLV3QZ_9ao0T7_xl4_VWhM6y0WwCEwYBhgL/s1600/pasted%2Bimage%2B0%2B%25282%2529.png

sunxvogy

1:01 am on Feb 10, 2018 (gmt 0)

5+ Year Member



I have a question: Most of my old sites are HTTP and all my backlinks are pointing to HTTP. However I have WHM/CPanel in my Servers and I enabled the AutoSSL/LetsEncrypt already. I do know if I type https:// then it would work, but I still don't know how to transfer the HTTP to HTTPS smoothly, with the ranking and backlinks... Could anyone teach me about this please?

keyplyr

1:33 am on Feb 10, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@sunxvogy - read the links engine supplied above. After following those instructions, if you are still having difficulties, start a *new* discussion.

aristotle

8:08 pm on Feb 10, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Well my http sites are still doing extremely well, as traffic from google for all of them has either held steady or continued to climb. I also see plenty of other http sites ranking at or near the top of google's search results.

On the other hand, there have been reports that some sites suffered traffic losses immediately after switching to https. Since some of this lost traffic goes to http sites, they get an additional benefit from this as well.

So the current climate is extremely good for http sites. Even so, I've started looking at options for eventually switching at least one of my sites to https.

I don't think switching to https would help traffic much, although Google said that it would be a "tie-breaker" in the search results. But I may want to sell some of my sites eventually, and that might be easier if they are https.

keyplyr

9:30 pm on Feb 10, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Well my http sites are still doing extremely well...
That's great... however this announcement appears that your HTTP site may not continue to do "extremely well" after July when Chrome warns your visitors. Don't forget, Chrome is the most used browser in the world, especially on mobile.

lucy24

1:53 am on Feb 11, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I may want to sell some of my sites eventually, and that might be easier if they are https.
I don't see how A leads to B. Do you mean that https sites have already been through the algorithmic hiccup that comes with a protocol change, so you can safely sell them “as is”?

EditorialGuy

3:03 am on Feb 11, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



On the other hand, there have been reports that some sites suffered traffic losses immediately after switching to https.

I wonder how many of those reports are from people who screwed up the changeover?

To anyone who doesn't want to deal with hassle, I say "leave it to CloudFlare, and allow at least half a minute to make the change."

keyplyr

3:42 am on Feb 11, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I say "leave it to CloudFlare, and allow at least half a minute to make the change."
And at least a half a minute to load every file. Most sites are much better off optimizing their sites & configs than sticking a CDN in front of an existing problem.

EditorialGuy

4:17 am on Feb 11, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



And at least a half a minute to load every file.

Sorry, but that makes no sense at all.
Most sites are much better off optimizing their sites & configs than sticking a CDN in front of an existing problem.

Or, better yet, optimize your site and use a CDN. (Especially if you have a global audience.)

IanCP

7:55 am on Feb 11, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Another nail in the coffin of the very valuable small informational web site.

These very valuable small informational web sites were never made originally with a view to making money - in fact most of them didn't but they did provide an important public service.

In the last few years I've found Google [and the others] becoming less, and less relevant for my searches.

There was once upon a time when any search phrase I used turned up the right informational site on the first page of results. No longer - Google don't index most of them any more [I tested that today]

Why the hell a small informational site needs to be https simply because it is a browser fad is beyond me...

The only large [https] sites I regularly use are my regular news outlets.

keyplyr

8:38 am on Feb 11, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Why the hell a small informational site needs to be https simply because it is a browser fad is beyond me...

Why HTTPS Matters [developers.google.com]

robzilla

12:45 pm on Feb 11, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Sorry, but that makes no sense at all.

It's an exaggeration, of course, but since dynamically generated pages are not cached, a CDN would introduce additional latency and increase the time-to-first-byte (TTFB). You might win back some of that time with faster loading static resources, especially if there are many of them (or particularly large ones), but in my experience a fast first paint will often do more to boost that sense of "snappiness". Ideally, of course, you would create your own CDN where all servers can generate those pages by themselves, but that can be tricky to set up and maintain.

Having a CDN take care of HTTPS for you is not a terrible idea, as they support HTTP/2 and many other optimizations out of the box, but it does create a dependency, and the link between your server and the CDN would technically still be insecure. With the exception of Cloudflare's free plan, bandwidth at CDNs also tends to be very expensive (I once calculated I would be paying 10x my current hosting fees).

Also worth noting is that sticking a CDN in front of your site to get HTTPS does not automatically resolve issues with redirects and mixed content, which is exactly the area where most site owners are likely to break things. A well-executed move to HTTPS will not negatively influence your rankings or cost you any traffic -- except maybe a handful of stubborn users on very old devices.
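
An added example, not part of the original post: a small offline scanner for the mixed-content problem mentioned above, which stays in the HTML whether HTTPS is terminated at a CDN or at the origin. The sample page and the example.com / example.net hostnames are constructed for illustration.

```python
from html.parser import HTMLParser

# tag -> (URL attribute, category). "active" subresources can rewrite the page
# and are blocked by browsers on an HTTPS page; "passive" ones are treated
# less strictly; "form" marks a form that submits over plain HTTP.
RULES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"), "object": ("data", "active"),
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
    "form": ("action", "form"),
}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (category, tag, url)

    def handle_starttag(self, tag, attrs):
        if tag not in RULES:
            return  # plain <a href> links are navigation, not mixed content
        a = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" not in a.get("rel", "").lower().split():
            return  # rel=canonical/alternate are not fetched as subresources
        attr, category = RULES[tag]
        url = a.get(attr, "").strip()
        if url.lower().startswith("http://"):
            self.findings.append((category, tag, url))

def scan(html):
    """Return hard-coded http:// subresources found in an HTML document."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample page (not taken from any real site).
SAMPLE = """<html><head>
<link rel="canonical" href="http://example.com/page">
<link rel="stylesheet" href="http://example.com/style.css">
<script src="https://example.com/app.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head><body>
<a href="http://example.com/old">old link</a>
<img src="http://example.com/logo.png">
<img src="/images/photo.jpg">
<form action="http://example.com/search"><input name="q"></form>
</body></html>"""

if __name__ == "__main__":
    for category, tag, url in scan(SAMPLE):
        print(f"{category:8} <{tag}> {url}")
```

Relative and protocol-relative URLs inherit the page's scheme, so only the hard-coded `http://` references are reported.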

keyplyr

9:32 pm on Feb 11, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



A well-executed move to HTTPS will not negatively influence your rankings or cost you any traffic -- except maybe a handful of stubborn users on very old devices.
This needs to be repeated

martinibuster

6:12 am on Feb 12, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



...simply because it is a browser fad is beyond me...


It's not beyond you. You just need to be more informed as to why HTTPS is to your benefit and to the benefit of so-called informational sites.

Anyone not adapting to SSL is willfully lagging behind in earnings and relevancy. They would switch to HTTPS if they knew how much HTTPS is to their benefit. Those who stubbornly resist change like SSL are literally self-defeating and digging their own Internet graves.

IanCP

8:32 am on Feb 12, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You just need to be more informed as to why HTTPS is to your benefit

My main site has already been HTTPS coming up 12 months which is not the point. There is ONLY one reason to switch over to HTTPS...

If you don't follow the browser direction to do so - you will be "punished" by the browsers. However Mr Google and other SE's will not improve your position in the SERPS for doing it, Mr AdSense will not send more relevant Ads to your content for doing it. There is no real reward for doing it except the browsers will not punish you.

Better security? I laugh when I hear that now. Windows OS, and Browsers all have almost daily security updates simply because their products were defective to begin with.

I'm almost 76 years of age and historically I have always reacted very badly to "do this or be punished" type scenarios. Something I have never, ever had cause to regret at all. Sometimes, many years later I've found myself mighty glad I did...

robzilla

9:09 am on Feb 12, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You're not being punished, you're just being evaluated more fairly and openly. A HTTP connection is insecure, plain and simple.

Many tend to think too one-sidedly about the benefits of HTTPS: "How does it benefit me?". Consider your users.

(And the people you communicate with over the similarly insecure POP3 or IMAP, if -- like many -- you still do.)

londrum

9:38 am on Feb 12, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Every year google tells us we have to change our sites or suffer in the serps — it’s a different thing every year. At the moment it’s https, in the past it was amp, improve our page speed, make it responsive for mobile, remove half the ads, don’t swap links, delete all the links we swapped, don’t do guest posts, don’t do this don’t do that, and like sheep we do it. I wonder what they’ll have us doing next year.

robzilla

9:42 am on Feb 12, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Most (if not all) of those are a boon to the Web at large. Unfortunately us "sheep" often need reminders to focus on the user experience.

EditorialGuy

10:54 pm on Feb 12, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It's an exaggeration, of course, but since dynamically generated pages are not cached

Good point, but not all sites use dynamically-generated pages. (There's something to be said for "flat files," especially on informational sites with mostly evergreen content.)

lucy24

11:14 pm on Feb 12, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Even if the page content is static html, there may well be dynamic headers or footers. To the designer it's static; to the server it's dynamic. (Crude test: Check your server logs. Unless you find the occasional 304 responses to page requests, they're not really static.)
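
An added example, not part of the original post: the crude log test described above, run over access-log lines in the common/combined format. The log lines are constructed, and the `min_hits` threshold is an assumption, since a 304 can only appear when a client sends a conditional request.

```python
import re
from collections import defaultdict

# Matches the request and status fields of a common/combined log line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_page(path):
    """Treat directory URLs and .html/.htm files as page requests."""
    return path.endswith("/") or path.endswith((".html", ".htm"))

def page_status_counts(lines):
    """Count 200 and 304 responses per page path (query string ignored)."""
    counts = defaultdict(lambda: {"200": 0, "304": 0})
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["method"] != "GET":
            continue
        path = m["path"].split("?", 1)[0]
        if is_page(path) and m["status"] in ("200", "304"):
            counts[path][m["status"]] += 1
    return dict(counts)

def never_revalidated(lines, min_hits=3):
    """Pages served at least min_hits times that never answered 304."""
    return sorted(path for path, c in page_status_counts(lines).items()
                  if c["200"] >= min_hits and c["304"] == 0)

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Feb/2018:10:00:01 +0000] "GET /guide.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Feb/2018:10:05:09 +0000] "GET /guide.html HTTP/1.1" 304 - "-" "Mozilla/5.0"
198.51.100.7 - - [12/Feb/2018:10:06:30 +0000] "GET /guide.html?ref=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Feb/2018:10:07:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Feb/2018:10:09:00 +0000] "GET /about.html HTTP/1.1" 200 2051 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Feb/2018:10:11:00 +0000] "GET /about.html HTTP/1.1" 200 2049 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Feb/2018:10:12:00 +0000] "GET /style.css HTTP/1.1" 304 - "-" "Mozilla/5.0"
198.51.100.7 - - [12/Feb/2018:10:13:00 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for path in never_revalidated(SAMPLE_LOG):
        print("never returned 304:", path)
```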

keyplyr

12:28 am on Feb 13, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Point is, a CDN is not a *fix* for not updating a site to be secure.

EditorialGuy

1:15 am on Feb 13, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Point is, a CDN is not a *fix* for not updating a site to be secure

My point was simply that at least one CDN makes it very easy for anyone (even the technically clueless) to switch from HTTP to HTTPS, so "It's too hard" or "There's too much risk of screwing it up" is no longer a valid excuse for lagging behind.

keyplyr

1:24 am on Feb 13, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"There's too much risk of screwing it up" is no longer a valid excuse for lagging behind.
True dat