Google has made a big change to its Chrome browser: HTTPS is now the default. It will now automatically turn on secure HTTPS connections for all users. Chrome will warn users about dangerous, unencrypted HTTPS websites in April 2026. This final push to secure the unencrypted web will affect billions of users worldwide.
What’s going to change with HTTPS by Default and when?
Starting with Chrome 154 in October 2026, Google will turn on the “Always Use Secure Connections” setting by default for all users. This option has been available since 2022, but making it the default for everyone is a big step. For the more than one billion users who have turned on Enhanced Safe Browsing, Google will start this change earlier, in April 2026, with Chrome 147.
When Chrome is turned on, it will try to load every website over HTTPS by default. If a public site doesn’t support this secure protocol, the Browser will show a warning that gives users a chance to back out before going on. The alerts are smart for the Browser. It won’t keep warning you about the same unsafe site. It only warns about new or rarely visited HTTP pages to avoid annoying users.
The simple reason for this change is safety. An attacker can hijack a user’s navigation and cause their Browser to load harmful resources if HTTPS is not used. Such an attack can cause malware infections, targeted attacks, or social engineering scams. Google says that this issue is not just a theoretical risk; hackers have used this kind of software in real-life attacks.
In today’s web environment, this push makes sense. Since 2020, the number of people using HTTPS has stayed very high, between 95% and 99%. This looks like most of the web, but a few percent of insecure navigation still makes many attacks possible. Google thinks the web is now strong enough for this stronger step.
Keep in mind that the “public-sites” variant will be the default setting. This means that Chrome won’t warn people when they visit private sites, such as router configuration pages (e.g., 192.168.0.1) or corporate intranets. These connections are less risky because an attacker would have to be on the same local network to use them. Google says that it is still difficult to set up HTTPS for these private names that aren’t unique. In Chrome’s security settings, users can turn off warnings if they don’t think they need them.
Chrome’s HTTPS by Default move in context
Chrome is not the first Browser to require secure connections. Browsers that prioritize privacy, like Tor, LibreWolf, and Mullvad, already have strict, secure-only modes enabled by default. Brave Browser has similar upgrade options and lets users choose how strict they want the Browser to be.
The main difference lies in the size and popularity of Chrome. When Chrome changes a default setting, it affects the whole web ecosystem because it is the most popular Browser in the world. This choice will likely make other Chromium-based browsers adopt the same default, making it even more popular. The next table shows how different browsers work.
Website owners and IT professionals must switch to HTTPS. Google recommends turning on “Always Use Secure Connections” in their browsers today to find remaining sites to move. Common practices, such as stopping HTTP requests that redirect to HTTPS, now trigger user warnings. Many sites will be affected by this change.
In conclusion, the Chrome change is a major step toward a fully encrypted web. It makes secure browsing a norm rather than an option for experts. The internet won’t break in 2026, but browsers will be harder to trick. The result is a quiet but powerful upgrade for all.
