2,438
edits
Changes
→Full timeline
| 2018 || {{dts|February 27}} || Certificate authority || Let's Encrypt || Wildcard support || Let's Encrypt plans to make wildcard support fully available on this date, after launching a public test API endpoint for the ACME v2 protocol and wildcard support on January 4, 2018.<ref>{{cite web|url = https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html|title = Wildcard Certificates Coming January 2018|last = Aas|first = Josh|date = July 6, 2017|accessdate = January 28, 2018|publisher = Let's Encrypt}}</ref>
|-
| 2018 || {{dts|April 14}} || Website || IMDb || Default HTTPS-only || Judging from homepage captures on the Internet Archive's Wayback Machine, this is the date that the IMDb transitions from HTTP to default HTTPS-only. See captures for April 13<ref>{{cite web|url = http://web.archive.org/web/20180413090715/http://www.imdb.com/|title = IMDb, as captured on April 13, 2018|date = April 13, 2018|accessdate = April 13, 2019}}</ref> and April 14.<ref>{{cite web|url = http://web.archive.org/web/20180414091804/https://www.imdb.com/|title = IMDb, as captured on April 14, 2018|date = April 14, 2018|accessdate = April 13, 2019}}</ref><ref> There does not appear to be any official announcement of the transition, but a Quora question with answers as late as February 2018 confirms that people noticed that the site was still using plain HTTP till February 2018.<ref>{{cite web|url = https://www.quora.com/Why-does-IMDB-use-http-and-not-HTTPS|title = Why does IMDB use http and not HTTPS?|accessdate = April 13, 2019|publisher = Quora}}</ref>
|-
| 2018 || {{dts|July}} (planned date), February 8 (announcement) || Browser || Chrome || Security warning || On February 8, Google Chrome announces that starting with Chrome 68, which will be released in July, all plain HTTP sites will be marked as not secure.<ref>{{cite web|url = https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html|title = A secure web is here to stay|date = February 8, 2018|accessdate = February 11, 2018|publisher = Google Security Blog|last = Schechter|first = Emily}}</ref><ref>{{cite web|url = https://techcrunch.com/2018/02/08/chrome-will-soon-mark-all-unencrypted-pages-as-not-secure/|title = Chrome will soon mark all unencrypted pages as ‘not secure’|last = Lardinois|first = Frederic|date = February 8, 2018|accessdate = February 11, 2018|publisher = ''TechCrunch''}}</ref><ref>{{cite web|url = https://arstechnica.com/gadgets/2018/02/from-july-on-chrome-will-brand-plain-old-http-as-not-secure/|title = From July on, Chrome will brand plain old HTTP as “Not secure”. The "Not secure" label will go where the padlock would go for an encrypted connection.|last = Bright|first = Peter|date = February 9, 2018|accessdate = February 11, 2018|publisher = ''ArsTechnica''}}</ref> The release happens as scheduled. ''Forbes'' publishes an article naming a few sites that still do not default to HTTPS as of the time of this change to Chrome. The sites include Fox News, the Los Angeles Times, Chicago Tribune, Time, ESPN, NFL Network, NBA, and more. Some of these sites, such as Time and ESPN, still do not default to HTTPS as of April 2019.<ref>{{cite web|url = https://www.forbes.com/sites/kevinmurnane/2018/07/25/here-are-12-well-known-websites-that-chrome-68-labels-not-secure/|title = Fox News, ESPN And 9 Other Well-Known Websites That Chrome 68 Labels 'Not Secure'|last = Murnane|first = Kevin|date = July 25, 2018|accessdate = April 13, 2019|publisher = Forbes}}</ref>
