Security warnings will pop up on the Daily Mail website if visitors are using the latest version of Google's Chrome browser. It is one of many sites the browser will flag because they do not use HTTPS - the secure version of the web's underlying data transfer protocol. Many sites have switched to this version to protect visitors against data theft and hijacking. About 20% of the world's top 500 websites are using HTTP.

The HyperText Transfer Protocol (HTTP) defines how data is passed around the web. The "S" in HTTPS stands for "Secure" and ensures that data is encrypted before it travels. In the UK many other sites, such as Sky Sports, Argos and Boohoo have also not yet adopted HTTPS. There is no evidence that any of the sites which have not made the change to HTTPS are currently subject to attacks that abuse insecure data.

The Google’s Chrome browser says the sites are not secure because they do nothing to scramble the data passing between you and that website. According to statistics gathered by security researcher Troy Hunt, more than half of all the web's top one million sites have not flipped to HTTPS. Mr. Hunt has launched a site called WhyNoHTTPS? that lists the world's most popular websites that are not using it. The list draws on statistics gathered by British security researcher Scott Helme. The Daily Mail tops the site’s  UK list as the busiest site to lack the protective measure. Other big names on the list include Chinese messaging firm Tencent QQ, block-building game Roblox and sports broadcaster ESPN.
 

Google began the process of warning people about sites that use HTTP in early 2017. Initially, the "Not secure" warnings were only used on sites that collected passwords or credit cards. Firefox and Safari added similar systems about the same time. Now all sites that have not switched will be flagged by Chrome. The other big browser makers are expected to follow soon. Others - including governments - are joining the push for HTTPS. The UK's National Cyber Security Centre recently issued advice saying that all sites should use HTTPS. In addition, the Let's Encrypt project aims to make it easy for small sites to adopt it by publishing easy-to-follow guides and tools that simplify the process.