Google has recently introduced HTTPS-First mode to increase the security of Chrome browser users.
Google states that most of the traffic on the internet now passes through HTTPS sites. However, the company says that still around 5-10% of activity relies on HTTP, and this insecure and outdated protocol should no longer be used.
Google is enabling HTTPS-First mode in Chrome
Chrome shows warnings when you visit websites that use HTTP. But many people ignore them. Therefore, the company decided to take more effective steps to change the behavior of web writers and their audience.
Google enabled HTTPS-First mode in Chrome 94 in September 2021, mandating sites to open in HTTPS if possible for users who enable this feature. However, the company has now decided to take a more proactive approach by making it the default experience in future Chrome releases. Since Chrome version 115, Google has been trying to enable this behavior in the browser by default.
Websites using HTTP are automatically upgraded to HTTPS unless they fail due to an invalid certificate or HTTP 404 error. In this case, there is still a fallback mechanism and a warning about connection security is shown to the user. It also allows the user to continue to the website by giving permission.
This process is also extended to “high risk” files downloaded over insecure connections. Here, Google displays a warning to the user while allowing them to continue the download if they accept the risk. When HTTPS-First mode is disabled, no warning will be displayed for simple download formats (such as images, videos, and audios). Because Google believes these are not as risky as high-risk files.
You can try this feature right now
HTTPS-First mode is enabled by default for Advanced Protection Program customers already signed into Chrome. For others, the configuration will soon be enabled in Incognito mode. Google is also exploring the idea of automatically enabling HTTPS-First mode on websites it believes are already using you over the protocol.
Currently, those who want to try this experience for yourself can enable the “HTTPS Upgrades” and “Insecure download warnings” options at chrome://flags. Similarly, you can turn HTTPS-First mode on or off via the “Always use secure connections” security setting in Chrome.
This update is just one of many attempts by Google to make the web safer for everyone. Additionally, the company recently proposed a new web standard called the Web Media Integrity API.