Google has announced that starting in October 2026, with the release of Chrome 154, its web browser will begin asking users for permission before connecting to any public website that uses an insecure HTTP connection.
This move is part of Google’s long-term plan to make the internet safer and ensure users browse only through secure HTTPS connections.
Since 2021, Chrome has offered an optional feature called HTTPS-First Mode, which tries to connect websites over HTTPS and shows a warning if it’s unavailable. However, Google now plans to make this option the default setting for everyone. The change aims to protect users from man-in-the-middle attacks that can steal or modify data sent over unencrypted HTTP connections.
According to the Chrome Security Team, once this update is rolled out, Chrome will prompt users for consent before visiting any site without HTTPS. The team explained that insecure links can allow attackers to hijack traffic, inject malware, or carry out social engineering attacks.
Google also mentioned that Chrome won’t repeatedly warn users about sites they visit often, even if they’re insecure. Instead, the browser will only display warnings for new or rarely visited HTTP websites. Users will also be able to choose whether they want these warnings to apply only to public sites or to both public and private sites, such as those within a company’s internal network.
While private sites can still pose risks, they are generally less dangerous since attackers have fewer opportunities to exploit them, often requiring access to the same local or corporate network. Google noted that most users shouldn’t see many alerts anyway, as around 95–99% of websites now use HTTPS—a significant increase from just 30–45% in 2015.
Before making this feature default for all users, Chrome plans to roll it out in April 2026 with version 147 for over one billion people who use Enhanced Safe Browsing. Google expects the transition to be smooth, but still allows users to disable the warnings if they prefer.
The company advised developers and IT professionals to enable the HTTPS-only setting now to identify and update any affected websites before the change takes effect.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Google has been steadily improving Chrome’s security over time. In 2023, it added a feature that automatically upgrades in-page HTTP links to HTTPS, and more recently, it started revoking notification permissions from sites that users haven’t visited in a while to minimize unwanted alerts.
