Google plans to enforce HTTPS by default. The company aims to ensure that all users have HTTPS-First enabled, which automatically redirects HTTP requests to HTTPS. Currently, over 90% of requests sent by Chrome users use HTTPS, but there is still 5-10% of traffic tied to HTTP. To address this, Google has decided to introduce intermediate measures before fully implementing automatic forwarding to HTTPS.
In Chrome 115, the company has updated the browser to gradually enable HTTPS-First mode by default for a small percentage of users. To handle sites that do not support HTTPS, a fallback to HTTP has been implemented if there are issues with completing requests via HTTPS or problems with certificates. For cases where different content is served via HTTP and HTTPS, HTTPS-First mode will be automatically applied if the browsing history for the current site includes past HTTPS hits.
Currently, HTTPS-First mode is enabled for users who are logged into their accounts and have agreed to participate in the Google Advanced Protection program. In future Chrome releases, HTTPS-First will be enabled by default for pages opened in incognito mode. Experiments are also being conducted to automatically enable HTTPS-First for sites known to support HTTPS and for users who rarely use HTTP in their browser.
Furthermore, in Chrome 117, warnings will be implemented when attempting to download files over an insecure connection. Users will be alerted about the risk of these files being spoofed due to the use of unencrypted communication channels. However, warnings will not be shown for image, video, and music files.
Enable HTTPS-First mode in Google Chrome right now
To enable HTTPS-First mode without waiting for a new browser version, do the following.
- Open a new tab in Google Chrome.
- In the URL bar, type
chrome://settings/securityand hit Enter.
- On the next page in Settings, enable the "Always use secure connections" option.
- Now, return to the address bar, and type or paste chrome://flags/#https-upgrades. Enable the flag.
- Finally, change one more flag, chrome://flags/#insecure-download-warnings to whether see or hide the prompt.
- Relaunch the browser.
Chrome 117 will also show extra details for extensions removed from the Web Store. Specially, it will show the reason due to which the extension was pulled out.
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options: