Chrome will nag you to stop visiting sites without HTTPS

Android Police

By Manuel Vonau

Published Jul 14, 2021

Full-page warnings incoming for HTTP websites in Chrome 94

We may not like everything Google plans for its browser and the open web (FLOC, Manifest v3, and Chromium's dominance come to mind), but there's one thing everyone can agree on: Staying secure on the web is always important. Google and other browser makers have long been pushing webhosters and website owners to use the encrypted, more secure HTTPS standard over HTTP, and they've already managed to win more than 90% of regularly visited websites over. To get hold of the rest, Google wants to make HTTP sites an even less appealing place to visit starting in Chrome 94, slated to arrive in September.

As a refresher, HTTPS is an extension to regular HTTP (the Hypertext Transfer Protocol) and adds encryption to the equation. That means that communication with a website is encrypted in transit, which protects you from nosy sniffers in your network wanting to eavesdrop on your passwords or other interactions you make on a website. Browsing the web in public networks is much more secure when you're visiting HTTPS sites, for example.

Chrome 94 will offer an optional, opt-in HTTPS-First mode that attempts to upgrade all connections to HTTPS by default. If a site doesn't support the standard, it will display a full-page warning before connecting, giving you the chance to abort the process if you don't want to connect without encryption. Google wants to make this HTTPS-First mode the default at some point in the future for everyone, and Mozilla is planning a similar move with its HTTPS-only mode, first introduced in Firefox 83.

While at it, Google is also reexamining the lock icon in the address bar that depicts an HTTPS connection. It turns out that most people think the lock icon means that a website itself is trustworthy, even though it's only the connection that's secure. That's why the company wants to test a new look for site information in Chrome 93 with a few users, turning the lock into an arrow pointing downward. Google hopes that it encourages more people to interact with it, helping them learn more about their connection status. HTTP websites without encryption will continue showing the "Not Secure" indicator.

Google and Mozilla are certainly moving in the right direction here. The sooner all websites are upgraded to HTTPS, the better. Even if the standard may not be necessary for strictly read-only websites like those from some restaurants or other small businesses, it's still good practice and is one of many elements protecting visitors' privacy and security.

Chrome 94 is debuting in the stable channel in September — if you want to get your hands on it earlier, keep an eye out for the next few Chrome Canary updates (APK Mirror). Version 94 should soon be available there.