Chrome Gets Serious About Enforcing HTTPS Over Unsafe HTTP

Last updated September 20, 2021
Written by: Bill Toulas, Infosec Writer

Chromium/Chrome has announced that the world’s most popular web browser will introduce some HTTPS-focused features starting with version 94. These include opting to visit the HTTPS version of a website first, replacing the “lock icon” with something more intuitive, and displaying a full-screen warning when the user attempts to visit an HTTP webpage.

HTTPS (Hypertext Transfer Protocol Secure) is an extension of the HTTP communication protocol that adds an encryption layer between the exchanging parties. This means that when you visit a website that uses HTTPS, any information exchanged between the server and your computer is encrypted, so man-in-the-middle or other eavesdropping efforts won’t yield anything useful. By contrast, any information you enter on an HTTP site is sent in clear text, so it is readable if it ends up in the wrong hands.

HTTPS prioritization will be offered as a toggleable mode: if users enable it, Chrome will automatically detect when a site has both HTTPS and HTTP versions and connect to the former.

The replacement of the “lock icon” comes as a response to user confusion. According to a study conducted by the Chromium team, only 11% of the participants were able to identify its meaning, with the rest thinking that it is there to indicate the website they visited is trustworthy. Starting with Chrome version 93, this will be replaced by a “Page Info” that opens up by clicking an arrow button on the URL bar.

Source: Google

Support for HTTP will remain, but some additional restrictions will be introduced to prevent tricky stuff. First, users will get a full-screen warning that they are using an insecure HTTP connection when visiting such a site. Second, sites will have limited ability to opt out of security policies over insecure connections. Third, the duration for which Chrome stores site content provided over HTTP connections will be restricted too.


