Today, more than 90% of the total Internet websites, and of the total connections that are carried out, travel through HTTPS. And, in order to reach 100% as soon as possible, little by little we must continue to advance in the fact of forcing these connections and sanction, in a certain way, everything that is not a secure connection. And, therefore, this novelty will be well received by users. Mozilla has already taken the step with its Firefox 83, and now it is Google Chrome’s turn.
Google Chrome 94 will prioritize HTTPS connections always
There are some web pages that, although they support HTTPS, are configured to work exclusively with HTTP. In addition, certain computer attacks can make the browser request some elements of the web in HTTP despite being available as HTTPS.
In this way, as Google has announced, the browser will very soon receive a new function called «HTTPS-First«. Thanks to this new function, users will be protected from badly configured websites, and from MITM attacks that try to make our browser use insecure connections instead of the secure HTTPS connections. This feature is similar to how some extensions, such as HTTPS Everywhere, work, but natively in the browser.
Thanks to it, all users can be sure that they are using secure connections by default whenever possible, and they will only see warnings when there is no possibility to establish an HTTPS connection. In addition, it will improve the load of many websites that, until now, made HTTP / S requests travel twice to offer the secure protocol.
The HTTPS lock will disappear
If HTTPS connections are always going to be the default, the padlock that indicates a secure connection does not make much sense. Therefore, Google intends to remove it from our address bar. It is assumed that all the websites we visit will be secure and will have their own HTTPS certificate. Therefore, we will only see a warning in the address bar when this is not the case, that is, when a website uses a normal HTTP.
This new function will reach all users with Google Chrome 94. And this version is intended for September of this year. In addition, users who have the Canary version of the browser installed can already try it. We simply have to write in the address bar «chrome: // flags / # https-only-mode-setting«, Activate this flag and restart the browser. From then on, HTTPS-First will start to protect all your connections.
Being a change in Chromium, browsers based on it (such as Edge, or Opera) may also have this function.