Today, practically all websites are prepared to be able to navigate through HTTPS. It has been a long struggle until we have reached this point, and thanks to this, the data travels over the network encrypted and with more security than it would through a normal HTTP. However, there are still websites that use HTTP by default, as well as some content that, although the website loads by HTTPS, these travel through the insecure protocol to our PC. And this is precisely what Chrome‘s new HTTPS-First mode wants to end with.
Today, more than 90% of the total Internet websites, and of the total connections that are carried out, travel through HTTPS . And, to be able to reach 100% as soon as possible, little by little we must continue to advance in the fact of forcing these connections and sanction, in a certain way, everything that is not a secure connection. And, therefore, this novelty will be well received by users. Mozilla has already taken the step with its Firefox 83, and now it is Google Chrome’s turn.
Google Chrome 94 will prioritize HTTPS connections always
There are some web pages that, although they support HTTPS, are configured to work exclusively with HTTP. In addition, certain computer attacks can make the browser request some elements of the web in HTTP despite being available as HTTPS.
In this way, as Google has announced, the browser will receive a new function called ” HTTPS-First ” very soon. Thanks to this new function, users will be protected from badly configured websites, and from MITM attacks that try to make our browser use insecure connections instead of secure HTTPS connections . This feature is similar to how some extensions, such as HTTPS Everywhere, work, but natively in the browser.
Thanks to it, all users can be sure that they are using secure connections by default whenever possible, and they will only see warnings when there is no possibility of establishing an HTTPS connection . In addition, it will improve the load of many websites that, until now, made HTTP / S requests travel twice to offer the secure protocol.
The HTTPS lock will disappear
If HTTPS connections are always going to be the default, the padlock that indicates a secure connection does not make much sense. Therefore, Google intends to remove it from our address bar. It is assumed that all the websites we visit will be secure and will have their own HTTPS certificate . Therefore, we will only see a warning in the address bar when this is not the case, that is, when a website uses a normal HTTP.
This new feature will reach all users with Google Chrome 94. And this version is intended for September of this year. In addition, users who have the Canary version of the browser installed can already try it. We simply have to write ” chrome: // flags / # https-only-mode-setting ” in the address bar, activate said flag and restart the browser. From then on, HTTPS-First will start to protect all your connections.
Being a change in Chromium , browsers based on it (such as Edge, or Opera) may also have this function.
