Introduction to Chrome’s New Security Feature
Google Chrome is set to introduce a new security feature that will change the way we browse the internet. Starting from October 2026, Chrome will enable "Always Use Secure Connections" by default, which means that users will be warned before loading any public website that doesn’t use HTTPS encryption. This move aims to protect users from potential security risks associated with unencrypted connections.
What’s Changing
The new feature will apply exclusively to public websites, excluding private sites such as local IP addresses, single-label hostnames, and internal shortlinks. According to Chris Thompson and the Chrome Security Team, "HTTP navigations to private sites can still be risky, but are typically less dangerous than their public site counterparts because there are fewer ways for an attacker to take advantage of these HTTP navigations."
Public Site Warning
When a user tries to access a public website that doesn’t use HTTPS, they will see a warning explaining the security risks of unencrypted connections. The warning will look like this:
Warning Frequency
To avoid annoying users with repeated warnings, Chrome will limit the frequency of warnings for the same sites. The browser won’t repeatedly warn about regularly visited insecure sites. Testing data shows that the median user sees fewer than one warning per week, while the 95th percentile user sees fewer than three warnings per week.
Current HTTPS Adoption
HTTPS usage has plateaued at 95-99% of Chrome navigations across platforms. When excluding private sites, public HTTPS usage reaches 97-99% on most platforms. Windows shows 98% HTTPS on public sites, while Android and Mac exceed 99%. Linux reaches nearly 97%.
Why This Matters
The new feature is important because clicking on HTTP links can pose security risks. Attackers can hijack unencrypted navigations to load malware, exploitation tools, or phishing content. Google’s transparency report shows that HTTPS adoption stalled after rapid growth from 2015-2020. The remaining 1-5% of insecure traffic represents millions of navigations that create attack opportunities.
Looking Ahead
Google will continue to outreach to companies responsible for the highest HTTP traffic volumes. Many sites use HTTP only for redirects to HTTPS destinations, creating an invisible security gap that the new warnings will close. Chrome plans additional work to reduce HTTPS adoption barriers for local network sites. The company introduced a local network access permission that allows HTTPS pages to communicate with private devices once users grant permission.
Conclusion
In conclusion, Google Chrome’s new security feature is a significant step towards protecting users from potential security risks associated with unencrypted connections. By enabling "Always Use Secure Connections" by default, Chrome will warn users before loading any public website that doesn’t use HTTPS encryption. This move is expected to reduce the number of security risks and make the internet a safer place for everyone. Website owners running HTTP-only sites have one year to migrate before Chrome warns their visitors. Users can enable the feature today to test how the warnings affect their site traffic.