Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser’s next stable version.
This feature entered testing last month, and it rolled out as part of a limited experiment for users of Chrome Canary, Dev, or Beta.
The change will be rolling out to Chrome Desktop and Chrome for Android stable versions after updating to version 90 (to be released on April 13), with an iOS rollout scheduled for later this year.
This move is part of a larger effort to defend users from attackers attempting to intercept their unencrypted web traffic and speed up the loading of websites served over HTTPS.
“Chrome will now default to HTTPS for most typed navigations that don’t specify a protocol,” Chrome team’s Shweta Panditrao and Mustafa Emre Acer said.
“In addition to being a clear security and privacy improvement, this change improves the initial loading speed of sites that support HTTPS, since Chrome will connect directly to the HTTPS endpoint without needing to be redirected from http:// to https://.
“For sites that don’t yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure).”
How to test it right now
Google Chrome users who want to test this new feature before it reaches the stable channel can do so by enabling an experimental flag.
To do that, you will have to go to chrome://flags/#omnibox-default-typed-navigations-to-https and enable HTTPS as the default navigation protocol.
You also have the option to choose a 3 or 10-second timeout to give the browser enough time to determine the availability of the HTTPS URL.
If Chrome cannot find an HTTPS version for the website you entered in the address bar, it will automatically fall back to the HTTP URL.
“For sites that don’t yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure),” they said.
“HTTPS protects users by encrypting traffic sent over the network, so that sensitive information users enter on websites cannot be intercepted or modified by attackers or eavesdroppers,” Panditrao and Acer added.
“Chrome is invested in ensuring that HTTPS is the default protocol for the web, and this change is one more step towards ensuring Chrome always uses secure connections by default.”