Google is introducing an option called “HTTPS First” with Chrome 94. It consists of requesting only the secure HTTPS connection when visiting a website, if it is available.
Announced in the middle of summer, Google’s new security feature for its Chrome browser has arrived. It comes with version 94 of the software, which is available since September 21. Internet users must update Google Chrome manually to benefit from it, if it has not already been recovered and installed automatically.
Google Chrome increases the prioritization of HTTPS
This functionality consists of deploying a connection mode called “HTTPS First” (or “HTTPS First”) to Internet users. With it, the browser will attempt to load the web pages requested by the Internet user with the secure connection, instead of trying to reach them with a basic connection, without protection when it circulates on the Internet between his PC and the computer server that is contacted.
The secure connection is symbolized by the acronym HTTPS, which stands for HyperText Transfer Protocol Secure. It is the letter “s” which is important here, because it indicates that the connection is secure. This acronym appears at the beginning of web addresses (as for the Numerama site), with the presence of a closed padlock symbol. Clearly, the data that circulates between the Internet user and the site is encrypted.
When this mode is active, it therefore seeks to establish a connection using the HTTPS protocol as a priority. If this is not possible, because the visited site does not support it, Google Chrome displays a warning in full screen. The Internet user retains the possibility of entering the website anyway, without the secure connection, but he will have been warned of the risks involved.
Google did not start this switch with Chrome 94. Already with Chrome 90, the company sought to activate by default the secure HTTPS connection when connecting to the website. With Chrome 94, it is a question of extending this policy by seeking to systematically put the connections in HTTPS and, if necessary, by posting an alert for the sites which do not manage the protocol.
During its announcement, Google warned that this mode would initially be inactive: it is up to the user to turn it on by going to the browser settings. Ultimately, however, the American company could impose “HTTPS First” by default. However, no timetable has been outlined for a possible changeover. The company says it wants to take feedback from its community into account.
Another web browser has also positioned itself in this niche: Firefox. The release in November 2020 of version 83 of the browser kicked off the “HTTPS Only” mode. It too is optional. It is also to be activated in the software settings. And it too could eventually become the default connection mode. The method to have it is described in this topic.
The optional nature of HTTPS First and HTTPS Only modes reflects a certain caution at Mozilla and Google, who do not wish to bombard Internet users with warning pages each time they visit in HTTP. However, websites that do not have HTTPS support are no longer running the streets. They now represent a very small minority.