Out With The Old, In With The New; Web Security!

In a recent press release, Google announced a significant change coming to the Chrome browser that will impact the way security protections are signalled to users. Asa designer, it’s essential to stay updated on these developments to ensure your design choices align with the evolving standards of web security. This blog post will delve into Google’s decision to replace the familiar lock icon in Chrome’s address bar with a new “tune” icon, highlighting the importance of security as the default state and enhancing accessibility to site settings.

How a Professional Web Design Can Boost Your SME's Growth

The Evolution of HTTPS and the Lock Icon

Since the early days of Netscape in the 1990s, web browsers have utilised a lock icon to indicate that a site is loaded over HTTPS, establishing a secure channel between the browser and the website. Over the last decade, Chrome has played a crucial role in promoting HTTPS adoption and making the web more secure by default. Previously, only 14% of the Alexa Top 1M sites supported HTTPS in 2013. Today, however, over 95% of page loads in Chrome on Windows occur over a secure channel using HTTPS.

Redefining the Lock Icon

Despite its historical significance, the lock icon is a remnant of a time when HTTPS was rare. In the early days, it drew attention to the additional security protections offered by HTTPS. However, as HTTPS has become the norm, the lock icon no longer effectively communicates its intended meaning. Google’s research in 2016 revealed that users often misunderstood the icon’s purpose, leading to a redesign. Surprisingly, subsequent research in 2021 showed that only 11% of participants correctly understood the precise meaning of the lock icon.

The Need for a Neutral Indicator

One of the primary motivations behind replacing the lock icon is to prevent misunderstandings about website trustworthiness. It’s crucial to recognise that the lock icon does not guarantee the safety or trustworthiness of a page. In fact, nearly all phishing sites employ HTTPS and therefore display the lock icon. Organisations, including the FBI, have explicitly stated that the lock icon is not an indicator of website safety.

Enhancing Accessibility and Controls

The lock icon currently serves as a gateway to site controls in Chrome. However, Google’s research has shown that many users never grasped the significance of clicking on the lock icon to access important information and controls. To address this, Google began experimenting in 2021 with replacing the lock icon with a more security-neutral entry point to site controls. Users involved in the experiment accessed site controls more frequently, without expressing confusion typically associated with major UI changes.

Introducing the Tune Icon

Based on extensive research and industry insights, Google has decided to replace the lock icon with a variant of the tune icon in Chrome. The tune icon was chosen for several reasons:

  1. Does not imply “trustworthiness”: The new icon avoids any association with website trustworthiness, preventing potential misunderstandings.
  2. Obvious clickability: The tune icon’s design makes it more evidently clickable, ensuring users recognise it as an entry point to important controls.
  3. Familiarity with controls: The tune icon is commonly associated with settings or other controls, creating a sense of familiarity for users.

Scheduled Launch and Platform-Specific Changes

The new tune icon is set to debut in Chrome 117, slated for release in early September 2023. This update will coincide with a broader design refresh for desktop platforms. It’s important to note that Chrome will continue to alert users when their connection is not secure, maintaining a proactive approach to web security. Users can preview the new tune icon in Chrome Canary by enabling the Chrome Refresh 2023 flag at chrome://flags#chrome-refresh-2023. However, it’s crucial to remember that this flag represents a work in progress and does not represent the final product.

The Impact on Mobile Platforms

In addition to the desktop change, Google plans to replace the lock icon on Android platforms simultaneously. However, on iOS, where the lock icon is not interactive, it will be completely removed. Regardless of the platform, plaintext HTTP will continue to be marked as insecure, emphasising the importance of secure connections.

Towards a Secure-By-Default Web

The decision to replace the lock icon in Chrome marks a significant milestone in the ongoing effort to create a secure-by-default web. As mid-level designers, it’s essential to understand and adapt to these changes. The rising adoption of HTTPS has played a pivotal role in enabling this transition, and it’s exciting to witness the progress made over the years.

By introducing the tune icon, Google aims to enhance user accessibility to permission controls and additional security information while eliminating the misconceptions surrounding the lock icon. This icon redesign aligns with the broader shift in the industry towards emphasising security as the default state. It’s a reminder that as designers, we have a responsibility to create intuitive user experiences that prioritise user safety and instill confidence in web interactions.

Looking Ahead

As the launch of Chrome 117 approaches, it’s important for mid-level designers to stay informed about the upcoming changes and ensure their design strategies align with the evolving standards of web security. The new tune icon not only represents a visual transformation but also a shift in the way we communicate security to users. Embracing this change will contribute to a safer and more trustworthy browsing experience for millions of Chrome users worldwide.


Google’s decision to replace the lock icon with the tune icon in Chrome’s address bar reflects the evolution of web security and the need to adapt visual indicators accordingly. The rising prominence of HTTPS has made it necessary to redefine how we communicate security to users. The tune icon, with its neutrality and enhanced clickability, represents a step towards emphasising security as the default state while making site settings more accessible.

As mid-level designers, it’s essential to understand the reasoning behind this change and incorporate it into our design decisions. By staying up to date with these developments, we can contribute to creating user-friendly experiences that prioritise security and empower users to make informed choices. Let us embrace the new tune icon and continue our journey towards a web that is secure by default.

Best Website designers in Harrogate

To find out more about my work or to say 👋 click the button below.



Andrew Backhouse, a skilled independent designer based in Harrogate, North Yorkshire, assists small and medium-sized enterprises, well-established brands, and dedicated creative professionals with their website design needs. Have a look at his portfolio and reach out for collaboration.

Share This