The Chrome browser is now explicitly marking non-https websites as Not Secure, a good step for them to take. A few years ago I was a Usenix Conference where the UX folks for Chrome were discussing their roadmap towards this -- time has flown and now http is officially "no good".

A good nudge for me also... I finally set up a HTTPS cert for my site. I've used a free certificate from letsencrypt.org; it will expire in a few months but by then I should be fully running on AWS and have the auto-renewal acme scripts in place.