Despite Chrome’s pending “mark of shame,” 3 major news sites aren’t HTTPS

Fox News is one of three top news websites that are not encrypting content.

In February, Emily Schechter, the Chrome Security Product Manager at Google, announced in a blog post that beginning with the release of Chrome version 68, “Chrome will mark all HTTP sites as ‘not secure’.” This means that Chrome users will see a visible warning next to the Web address for sites using unencrypted HTTP to serve up pages—a warning that Google has been rolling out slowly over the past few months, starting with pages that have forms requesting information.

Chrome 68 ships this month, so the deadline to avoid its “badge of shame” is looming. Some major sites are pressing to beat the deadline—the BBC recently made the move to HTTPS by default for its websites, as BBC News principal software engineer James Donohue recounted in a Medium post on July 6. But other major news sites—including Fox News, Time, and Newsweek—still leave their traffic unencrypted. As a result, they leave their Web content vulnerable to code insertion by Internet service providers or by malicious third parties that manage to place themselves between sites and their readers.

Admittedly, it’s not easy for major sites to switch to secure HTTP. Ars Technica went to HTTPS by default in January 2017, after a major engineering effort. Accommodating our own static and dynamic content systems, as well as third-party content (including advertisements and content from other Condé Nast sites), complicated the task. For sites with the amount of content and traffic that Fox News, Time, and Newsweek handle, it’s a big task.

https://arstechnica.com/?p=1340463