Google Chrome is taking a major step toward enhancing web security by defaulting to secure HTTPS connections for public websites. While most web traffic already uses HTTPS, Google aims to close remaining gaps and protect users from insecure HTTP sites by introducing a new feature called “Always Use Secure Connections.” This change will roll out in phases, ultimately becoming the default behavior in Chrome 154, scheduled for October 2026.
The Current State of HTTPS Adoption
Since 2018, Google has been pushing for safer web browsing by warning users about non-secure HTTP sites. As of 2020, about 95 to 99 percent of web navigations in Chrome already use HTTPS, showing widespread adoption of secure protocols. However, some public websites still load over HTTP, which exposes users to risks such as interception, malware injection, and social engineering.
Introducing Always Use Secure Connections
To help users avoid unsafe HTTP sites, Chrome is enabling a setting called “Always Use Secure Connections.” When activated, Chrome will first attempt to connect to the HTTPS version of a website and only request permission before accessing HTTP websites if a secure option is unavailable. For users who opt in to Google’s Enhanced Safe Browsing protections, this feature will activate earlier, starting in April 2026 with Chrome 147. The default activation for all users is planned for October 2026 with Chrome 154.
Security Risks of HTTP and Why HTTPS Matters
HTTP connections are vulnerable to attackers who can hijack traffic to inject malicious content or surveil users. Such software for hijacking is easy to obtain and has been used in real-world targeted attacks. Because attackers only need one insecure HTTP navigation to gain a foothold, even a small number of HTTP connections pose a threat. HTTPS encrypts data transferred between the browser and the server, mitigating interception and tampering risks.
Exceptions for Private Networks
Google recognizes that private sites like local IP addresses or corporate intranets commonly use HTTP and may find HTTPS certification challenging due to complex network setups. Chrome will not force HTTPS on such private sites, but these connections are considered lower risk since attacks require local network access.
Looking Ahead
This step is part of Google’s ongoing campaign to make the web a safer place for users everywhere. By encouraging secure connections by default, Chrome will reduce the attack surface for many cyber threats and promote improved privacy standards. Users can expect their browsing experience to become more secure without manual intervention as these updates roll out over the next few years.
In summary, Google Chrome’s move to default to HTTPS connections starting in October 2026, with earlier adoption for Enhanced Safe Browsing users in April 2026, reflects the company’s commitment to advancing web security and protecting users from the dangers of unencrypted web traffic.
