Starting with Chrome 154 in October 2026, Google's browser will ask for user permission by default before connecting to any public, insecure HTTP website. This change will activate the "Always Use Secure Connections" setting for all users, a feature that was previously opt-in. The goal is to ensure users are consistently protected by HTTPS, which encrypts data and guards against man-in-the-middle attacks that can hijack unencrypted connections.
Chrome will display a warning when a user attempts to visit a new or rarely visited site that lacks HTTPS. However, it will not repeatedly alert for sites that are regularly accessed over HTTP to avoid notification fatigue. Users will have the option to customize these warnings, applying them to public sites only or extending them to private intranet sites as well.
Before the global rollout, Google will enable this setting for over a billion users who have Enhanced Safe Browsing activated in April 2026. While users can disable the feature, Google strongly advises website developers and IT professionals to enable it now to identify and migrate any remaining non-HTTPS sites. This move reflects the widespread adoption of HTTPS, which now secures the vast majority of websites, a significant increase from just a decade ago.
Read more...