×

Get your FREE copy of "The Ultimate Guide of SSL"

Download Ebook

HTTPS Update – By Default Google Chrome Will Use HTTPS for Incomplete URLs

https update

If You Forget to Add the HTTP or HTTPS Prefix, Google Chrome Will Use HTTPS by Default

Google engineers are among some of the most fervent promoters when it comes to browser security features. For instance, from the past few years, along with the Tor and Mozilla Firefox browsers team, Google engineers have made a significant improvement that has changed the shape of browsers into what it’s today.

From revolutionary features such as Site Isolation and working along with the CA/B Forum in private for the SSL/TLS certificate state, they’ve made tremendous improvement. We should be grateful to the Google Chrome team.

However, the most extensive areas of interest of Google Chrome engineers from the past few years have been promoting and making use of secure HTTPS connection mandatory.

As part of this mission to make HTTPS connection mandatory, they’re now going to move one step ahead. Though it was supposed to come out in this Google Chrome Version 90, it has been delayed due to certain undue circumstances. But very soon, Chrome will try to upgrade sites from HTTP to HTTPS if HTTPS is available. Likewise, Google Chrome will also warn users if they try entering passwords or credit card details in an unsecured HTTP connection, which can expose their critical information across a network in plaintext.

In other words, Google Chrome will very soon come with an update that will make use of HTTPS by default if any user forgets to types in a website address without using the HTTP or HTTPS protocol. Nonetheless, it’s a proper decision because, according to the Google Transparency Report’s latest data, around 95% of websites are already using HTTPS to encrypt and secure their website traffic.

If you’ve questions, when this feature is implemented, when it will be available to regular users, or does it means that Google Chrome will start forcing HTTPS connection and what this change means for the website owners, keep reading.

Let’s dive into details and understand.

No, Google Chrome Will Not Force HTTPS Connection

According to the blog of Google Chrome on March 23rd, Google announced that they’d roll out Google Chrome version 90 update. In that, they’ll focus on making HTTPS by default protocol whenever any user loads websites.

Once the update is released, then whenever any user manually enters the URL in Google’s omnibox, by default, Google browser will try to load that website using an HTTPS connection. It means, if someone typed any website address, for example, websitesecuritystore.com, into Google Chrome, Google would automatically load the website as https://websitesecuritystore.com/. Unlike using the insecure HTTP connection for the first time, it’ll directly establish the connection using HTTPS.

Usually, Google and other popular web browsers like Mozilla Firefox initially loads web pages using HTTP connection by default because it’s the widely accepted scheme for many years. But, after Google’s step of making it mandatory to have an SSL installed or facing a “Not Secure” warning has likely created an impact. For example, by looking at the “Not Secure” warning, many users scare to visit the website and usually avoid it.

not secure warning web address bar
Nonetheless, HTTPS is becoming the next norm nowadays. Therefore Google is ready to make another update by switching to secure HTTPS protocol automatically for all the incomplete URLs entered by the users instead of redirecting them from HTTP to HTTPS.

Does This Shift of HTTPS for Incomplete URLs by Default Matters

This upcoming Update of Google to load websites using HTTPS by default is good because it’s done assuming most websites have shifted to secure SSL/TLS certificate. That being said, it’ll not affect those websites that haven’t shifted to HTTPS connection and will likely shift back to the HTTP connection.

Some common reasons we think why Google is moving towards this update are:

1. Google Chrome Users Want Secure Experience

Whether Google types website URLs using HTTPS or not, Google thinks, and it’s even true, that genuine users would like to keep their data secure with strong encryption that can’t be broken by any site attackers and other bad guys of the internet.

2. According to Google, Their Top Priority Is Security

Google’s Transparency Report mentions, “We believe that strong encryption is fundamental to the safety and security of all users of the web. Thus, we’re working to support encryption in all of our products and services.” So, it’s obvious they’ll develop all the ideas that help them rigorously implement it.

3. More Than 90% of Websites Already Uses HTTPS

After Google pushed HTTPS connection and made it mandatory, it has resulted chiefly the way they were looking for. Most web traffic depends upon a secure HTTPS connection in today’s date, making sense to connect using HTTPS by default. Further, an HTTPS connection is faster to communicate with instead of first trying HTTP and then waiting for the server to redirect to HTTPS after that.

Thus, this update will prove helpful to everyone. Though some exception is there like cybercriminals will frown upon it.

HTTPS for Incomplete URLs – When Google Chrome Will Provide This Update

According to Techradar reports, it’s released and tested with selected Chrome Beta users through the version 89 update that was released earlier this year. On the other hand, Google’s Chrome Platform Status page shows that “stable” (full) Chrome version 90 is released and made available to the public on April 13th, 2021.

However, it’s delayed, and according to Pete LePage, Google Developer’s Advocate, it will get released shortly.

chrome 90 https update delay twitter
Here, we can see the conversation where Adam Thompson inquired on Twitter about the updates and when Chrome’s desktop version should be expected. In reply, it’s said that it’ll get released shortly.

It was about to get released in this Version 90 of Google Chrome, but it’s delayed. When it rolls out, we don’t have an exact date, but you should see this soon. (And, we’ll update it once it releases.)

Further, we even check, and the HTTPS functionality update hasn’t rolled out yet. So, for testing purposes, we checked with some websites manually typing domain names without specifying “HTTPS.” For instance:

myshopify loaded insecurely Screenshot of myshopify.com Loading Insecurely
myshopify loaded securely Screenshot of myshopify.com Loading Securely
In the first screenshot, the domain name is entered without HTTPS in the Address bar: “myshopify.com” into the latest Google Chrome Version 90. And, the website loaded with “Not Secure.” After trying to open the website using the HTTPS prefix “https://www.myshopify.com/,” it opened securely.
gnu load insecurely Screenshot of gnu.org Load Insecurely
gnu load securely Screenshot of gnu.org Loading Securely

In another example, “gnu.org” is entered in the latest updated Google Chrome, and it loaded with the same “Not Secure” warning. Once the HTTPS prefix is kept while entering “https://www.gnu.org/,” the website opened securely.

Therefore, we can say that Google Chrome version 90 is available, but the feature HTTPS-by-default might not be active in your web browser presently. And, we can only wait for it once it rolls out.

Wrapping Up

Rolling out HTTPS by default for incomplete URLs is one step forward in the right direction. Due to COVID – 19, the last year 2020 has been bad for the entire human race, but bad guys haven’t backed down, nor did they show any humanity. 2020 has witnessed many cyberattacks and data breaches, which is the biggest reminder that you shouldn’t take website security for granted.

Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Here most of the links which direct you to buy any SSL/TLS related service or products earns us a certain percentage of referral commission. Learn More
Download Site Seal