Safe Surfing Ahead: Chrome to Warn Before Exposing You to Unsecured HTTP Sites

Safe Surfing Ahead: Chrome to Warn Before Exposing You to Unsecured HTTP Sites

In a bold step to make the web safer for millions of users, Google has announced that Chrome will begin issuing visible
Read more
Comments off

In a bold step to make the web safer for millions of users, Google has announced that Chrome will begin issuing visible warnings before loading any public website that doesn’t offer a secure HTTPS connection.

Starting with Chrome version 154 in October 2026, the browser will enable the “Always Use Secure Connections” feature by default. That means when you type in a website address and it uses the older, unencrypted HTTP protocol, your browser will first attempt to connect over HTTPS — and if that fails, you’ll see a warning you can bypass.

This change will roll out in phases:

  • From April 2026 (with Chrome 147), users of Enhanced Safe Browsing will get the warning feature. 
  • By October 2026 (Chrome 154), every Chrome user will have the warning enabled by default.

Why this matters

  • HTTPS (HyperText Transfer Protocol Secure) encrypts the data exchanged between your browser and a website, protecting you from attackers intercepting or altering that traffic. HTTP does not provide this protection. 
  • Even though the vast majority of web traffic (about 95-99%) already uses HTTPS, the small remainder still represents millions of unprotected visits — and that’s enough for attackers to exploit. 
  • For website owners and visitors alike, it signals that unsecured HTTP may soon cause a credibility hit — users will be alerted before they enter a site without encryption.

What stays the same — and what changes

What changes:

  • Public HTTP sites (not private intranets or local network addresses) will trigger a warning before loading. 
  • The browser will try HTTPS first automatically and then show a warning if the site falls back to HTTP. 
  • The feature is on by default — though users can still disable it if needed. 

What remains unchanged / exempt:

  • Local or private sites (such as those on local IPs or intranets) are treated differently because encryption here is harder to manage and the risk is judged lower. 
  • Chrome aims to avoid warning fatigue — users won’t constantly get alerts for sites they visit often; warnings focus on new or rarely-visited HTTP sites.

What you should do now

  • If you’re a website owner and your site still uses HTTP, now is the time to migrate to HTTPS. Free certificates and services make this more affordable than ever. 
  • If you’re a user, you don’t need to do anything immediately — but knowing this change is coming helps you understand warnings you may see and why they matter. 
  • In your settings (chrome://settings/security), you can test the “Always Use Secure Connections” option now, to preview the experience and identify if any sites you rely on will trigger warnings ahead of the full rollout.

Final Word

With this update, Chrome is making secure browsing the default and nudging the web toward better protection for everyone. If your favourite sites still show HTTP, expect a warning — and if it’s your own site, consider upgrading to HTTPS sooner rather than later.