2,438
edits
Changes
Add a few more rows
|-
| 2014 || {{dts|March 5}} || CDN || Amazon CloudFront || SNI custom SSL, HTTPS redirection || Amazon CloudFront announces support for customers to use their own SSL certificates through the implementation of {{w|Server Name Indication}}, as well as HTTP to HTTPS redirection (via 301 redirect).
|-
| 2014 || {{dts|June 5}} || Website || WordPress || Default HTTPS-only || {{w|Automattic}}, the parent company of wordpress.com, announces that all wordpress.com subdomains will be moved to default HTTPS-only by the end of 2014.<ref>{{cite web|url = https://en.blog.wordpress.com/2014/06/05/reset-the-net/|title = Reset the Net. If we properly encrypt our sites and devices, we can make mass surveillance much more difficult. We’ll be serving pages only over SSL for all *.wordpress.com subdomains by the end of the year.|last = Siemenski|first = Paul|date = June 5, 2014|accessdate = December 1, 2019|publisher = The WordPress.com Blog}}</ref>
|-
| 2014 || {{dts|July 29}} || App || Instagram || Default HTTPS-only || In response to reports about a zero-day security vulnerability, Instagram co-founder {{w|Mike Krieger}} reveals that the app is being moved over to HTTPS, with some parts of the app already 100% HTTPS.<ref>{{cite web|url = https://www.theinquirer.net/inquirer/news/2357779/instagram-to-use-https-following-discovery-of-gaping-security-hole-in-ios-app|title = Instagram to use HTTPS following discovery of gaping security hole in iOS app. Security expert warns users should not use the app until a patch is released|date = July 29, 2014|accessdate = November 19, 2017|publisher = The Inquirer}}</ref>
| 2016 || {{dts|March 28}} || Browser || QQ Browser || Vulnerability exploit || The Citizen Lab publishes a report noting vulnerabilities in the QQ Browser, a popular browser in China, some of which are related to the browser not using HTTPS fully.<ref>{{cite web|url = https://citizenlab.ca/2016/03/privacy-security-issues-qq-browser/|title = Privacy and Security Issues in QQ Browser|last = Knockel|first = Jeffrey|last2 = Senft|first2 = Adam|last3 = Deibert|first3 = Ron|date = March 28, 2016|accessdate = April 13, 2019|publisher = The Citizen Lab}}</ref>
|-
| 2016 || {{dts|April 8}} || Website || WordPress || Default HTTPS-only || Automattic, the owner of WordPress.com, announces that WordPress custom domains will be switched to default HTTPS-only. Previously, HTTPS-only was enabled only on subdomains of wordpress.com.<ref>{{cite web|url = https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/|title = HTTPS Everywhere: Encryption for All WordPress.com Sites. We’re proud to support a more secure web — now for all custom domains on WordPress.com.|author = Barry|date = April 8, 2016|accessdate = December 1, 2019|publisher = The WordPress.com Blog}}</ref>|-| 2016 || {{dts|April 28}} (first announcement), {{dts|August 15}} (completion) || Website || WIRED || Default HTTPS-only || On April 28, ''WIRED'' announces that its website has gone is going HTTPS-only. The article announcing the transition explains the challenges involved in making sure every digital asset loaded on every page is HTTPS.<ref>{{cite web|url = https://www.wired.com/2016/04/wired-launching-https-security-upgrade/|title = WE'RE GOING HTTPS: HERE'S HOW WIRED IS TACKLING A HUGE SECURITY UPGRADE|last = Tollman|first = Zack|date = April 28, 2016|accessdate = February 11, 2018|publisher = ''WIRED''}}</ref> The transition is announced to be complete on August 15.<ref>{{cite web|url = https://www.wired.com/2016/09/wired-completely-encrypted/|title = How WIRED Completely Encrypted Itself|last = Tollman|first = Zack|date = August 15, 2016|accessdate = December 1, 2019}}</ref>
|-
| 2016 || {{dts|June 14}} || App store service || Apple || Default HTTPS-only || At the {{w|Apple Worldwide Developers Conference}}, Apple announces that it will require all iOS apps to use HTTPS connections by the end of 2016.<ref>{{cite web|url = https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/|title = Apple will require HTTPS connections for iOS apps by the end of 2016|last = Conger|first = Kate|date = June 14, 2016|accessdate = February 11, 2018|publisher = ''TechCrunch''}}</ref>
| 2017 || {{dts|January 10}} || Website || New York Times || Default HTTPS-only || The ''New York Times'' announces that it has made a number of its articles default to HTTPS, including the home page, section and topic pages, and all articles published 2014 or later, and that it plans to make the rest of its site HTTPS as well.<ref>{{cite web|url = https://open.blogs.nytimes.com/2017/01/10/https-on-nytimes-com/|title = HTTPS on NYTimes.com|last = Konigsburg|first = Eitan|last2 = Wan|first2 = Vinessa|publisher = ''New York Times'' Open blog|date = January 1, 2010|accessdate = November 19, 2017}}</ref>
|-
| 2017 || {{dts|january January 21}} || Guideline || American Library Association || HTTPS use guideline || The American Library Association publishes a library privacy checklist approved by its intellectual freedom committee. The checklist mentions HTTPS twice. In priority 1 actions, it includes an action "Ensure all existing security certificates for HTTPS/SSL are valid and create a procedure for revalidating them annually." In priority 2 actions, it includes an action "Utilize HTTPS wherever possible." (Ironically, even as of April 2019, the American Library Association website does not properly support HTTPS, with the HTTPS site redirecting to the HTTP site).<ref>{{cite web|url = http://www.ala.org/advocacy/privacy/checklists/overview|title = Library Privacy Checklist - Overview|date = January 21, 2017|accessdate = April 13, 2019|publisher = American Library Association}}</ref>|-| 2017 || {{dts|January 25}} || Website || Ars Technica || Default HTTPS-only || ''{{w|Ars Technica}}'' announces that it has switched to default HTTPS-only, and explains details of the move.<ref>{{cite web|url = https://arstechnica.com/information-technology/2017/01/ars-announces-https-by-default-finally/|title = Ars announces HTTPS by default (finally). Doing our part to push the encrypted-by-default vision of the Web.|last = Hutchinson|first = Lee|date = January 25, 2017|accessdate = December 1, 2019|publisher = Ars Technica}}</ref>
|-
| 2017 || {{dts|January}} || Browser || Chrome || Security warning || With version 56, {{w|Google Chrome}} begins marking as "Not Secure" (in the address bar) any webpages collecting sensitive data such as passwords or credit-card information without using HTTPS.<ref name=not-secure-october-plans>{{cite web|url = https://www.searchenginejournal.com/google-is-requiring-https-for-secure-data-in-chrome/183756/|title = Google Is Requiring HTTPS for Secure Data in Chrome|last = Murray|first = Brock|date = January 21, 2017|accessdate = November 19, 2017}}</ref><ref name=zdnet-noose>{{cite web|url = http://www.zdnet.com/article/google-tightens-noose-on-http-chrome-to-stick-not-secure-on-pages-with-search-fields/|title = Google tightens noose on HTTP: Chrome to stick 'Not secure' on pages with search fields. In October, Google will begin phase two of its plan to label all HTTP pages as non-secure.|last = Tung|first = Liam|date = April 28, 2017|accessdate = November 15, 2017|publisher = ZDNet}}</ref>
|-
| 2017 || {{dts|January 4}} || Website || National Public Radio || Default HTTPS-only || {{w|National Public Radio}} announces that it has transitioned most of its webpages and streaming content to HTTPS, and is making sure that any new content is served through HTTPS.<ref>{{cite web|url = http://digitalservices.npr.org/post/update-https-transition-streams-and-podcasts|title = Update to the HTTPS Transition for Streams and Podcasts|last = Faughan|first = Kate|date = January 4, 2017|accessdate = February 11, 2018|publisher = National Public Radio}}</ref>
|-
| 2017 || {{dts|January 10}} || Website || W Magazine || Default HTTPS-only || A post on the ''Condé Nast'' technology blog, describes the transition of [[w:W (magazine)|W Magazine]], a Conde Nast property, to HTTPS.<ref>{{cite web|url = https://technology.condenast.com/story/securing-w-magazine-our-migration-to-https|title = Securing W Magazine: Our Migration to HTTPS|date = July 10, 2017|accessdate = December 1, 2019|last = Colucci|first = David}}</ref>
|-
| 2017 || {{dts|March 30}} || Website || Pornhub || Default HTTPS-only || {{w|Pornhub}}, the world's largest pornographic video site, switches to HTTPS-only. Sister service YouPorn is scheduled to go HTTPS-only on April 4.<ref>{{cite web|url = https://www.wired.com/2017/03/pornhub-https-encryption/|title = THE WORLD'S BIGGEST PORN SITE GOES ALL-IN ON ENCRYPTION|last = Barrett|first = Brian|date = March 30, 2017|accessdate = November 9, 2017|publisher = ''Wired''}}</ref><ref>{{cite web|url = https://www.theverge.com/2017/3/30/15125048/pornhub-youporn-https-encryption-privacy|title = Pornhub now turns on encryption by default|last = Garun|first = Natt|date = March 30, 2017|accessdate = November 19, 2017|publisher = ''The Verge''}}</ref>
|-
| 2019 || {{dts|January}} to February; with some early test efforts in October 2018, and some wrap-up work as late as April 11 || Website || Wikia / Fandom || Default HTTPS-only || Fandom Inc., the company previously known as Wikia, moves the bulk of their community wikis from HTTP to HTTPS, while also changing the domain from wikia.com to fandom.com (to be more consistent with the company's new name and branding). Some domains that do not fit with the Fandom brand are moved to wikia.org instead; these are also migrated to HTTPS.<ref>{{cite web|url = https://community.fandom.com/wiki/Help:Fandom_domain_migration|title = Help:Fandom domain migration|accessdate = April 13, 2019|publisher = Fandom Community Central}}</ref>
|-
| 2019 || {{dts|August}} || Browser || Chrome || Interface simplification || With Chrome 76, Google stops showing the leading https and www on urls in the address bar; however, these are shown if you click into the address bar twice. The Chrome team says that this simplifies the experience for most users by removing information that's not relevant to them, but there is some pushback to these claims from people who believe the information is important and should be readily visible.<ref>{{cite web|url = https://www.ghacks.net/2019/08/01/chrome-76-no-more-https-or-www-in-address-bar/|title = Chrome 76: no more https or www in address bar|last = Brinkmann|first = Martin|date = August 16, 2019|accessdate = December 1, 2019}}</ref> Users can still determine if a site is secure by looking for the lock icon; insecure sites will be marked "Not Secure".
|}
