Google has made a big change to its Chrome browser: HTTPS by default. It will now automatically turn on secure HTTPS connections for all users.
Starting in April 2026, Chrome will start to protect users by warning them before they go to websites that don’t have HTTPS encryption and could be dangerous. This step is the last push to protect the last bits of the unencrypted web, and it will affect billions of users around the world.
HTTPS by Default: What’s changing and when
Starting with Chrome 154 in October 2026, Google will turn on the “Always Use Secure Connections” setting by default for all users. This option has been available since 2022, but making it the default for everyone is a big step. For the more than one billion users who have turned on Enhanced Safe Browsing, Google will start this change earlier, in April 2026, with Chrome 147.
When Chrome is turned on, it will try to load every website over HTTPS by default. If a public site doesn’t support this secure protocol, the browser will show a warning that gives users a chance to back out before going on. The alerts are smart for the browser. It won’t keep warning you about the same unsafe site over and over. It only warns about new or rarely visited HTTP pages so that users don’t get annoyed.
The simple reason for this change is safety. An attacker can take over a user’s navigation and make their browser load harmful resources if HTTPS is not used. Such an attack can cause malware infections, targeted attacks, or scams that use social engineering. Google says that this issue is not just a theoretical risk; hackers have used this kind of software in real-life attacks.
In today’s web environment, this push makes sense. Since 2020, the number of people using HTTPS has stayed very high, between 95% and 99%. This looks like most of the web, but a few percent of insecure navigations still make many attacks possible. Google thinks the web is now strong enough for this stronger step.
Keep in mind that the “public-sites” variant will be the default setting. This means that Chrome won’t warn people when they visit private sites like router configuration pages (like 192.168.0.1) or corporate intranets. These connections are less risky because an attacker would have to be on the same local network to use them. Google says that it is still difficult to set up HTTPS for these private names that aren’t unique.
In Chrome’s security settings, users can choose to turn off the warnings if they don’t think they need them.
Chrome’s HTTPS by Default move in context
Chrome is not the first browser to require secure connections. Browsers that focus on privacy, like Tor, LibreWolf, and Mullvad, already have strict secure-only modes turned on by default. Brave Browser has similar upgrade options and lets users choose how strict they want the browser to be.
The main difference lies in the size and popularity of Chrome. When Chrome changes a default setting, it affects the whole web ecosystem because it is the most popular browser in the world. This choice will probably make other Chromium-based browsers use the same default, which will make it even more popular. The next table shows how different browsers work.
The message is clear for website owners and IT professionals: it’s time to switch to HTTPS. Google strongly suggests that they turn on the “Always Use Secure Connections” setting in their browsers today to find any sites that still need to be moved.
Stopping HTTP requests that immediately redirect to HTTPS is a common practice that will now trigger user warnings. This is a change that will affect many sites.
This change by Google Chrome is a big step toward a fully encrypted web. It makes secure browsing a standard expectation for everyone instead of just an expert preference. The internet won’t break in 2026, but your browser will become much harder to trick. The result is a quiet but powerful upgrade for everyone.
