Chrome Initiative Forces HTTPS Testing

Google to Strengthen Use of HTTPS by Default

Google intends to take several steps to strengthen the use of HTTPS by default. The ultimate goal is to enable the HTTPS-FIRST mode, which automatically redirects HTTP requests to HTTPS, for all users. It is noted that at present more than 90% of requests from Chrome users are sent over HTTPS, but 5-10% of traffic still uses HTTP.

Since not all sites currently support HTTPS, and there are configurations in which different content is served over HTTP and HTTPS, Google has decided to implement a number of intermediate measures before the widespread rollout of automatic redirection to HTTPS.

Starting with Chrome 115, the HTTPS-FIRST mode began to be gradually enabled by default for a small percentage of users. To ensure compatibility with sites that do not support HTTPS, the browser falls back to HTTP if the HTTPS request cannot be completed or if there are problems with certificates.

To address the issue of different content being served over HTTP and HTTPS, for example when the server is enabled but HTTPS is not configured, the HTTPS-FIRST mode is automatically applied only if previous visits to the current site were made using HTTPS.

At this stage, the HTTPS-FIRST mode is activated for users who have enabled it in their account and agreed to participate in the Google Advanced Protection program. In a future Chrome release, HTTPS-FIRST will be activated by default for pages opened in incognito mode. Experiments are also being conducted on automatic activation of HTTPS-FIRST for sites that are known to support HTTPS, as well as on enabling HTTPS-FIRST for users who rarely use HTTP.

In addition, Chrome 117 is planned to display a warning when the user tries to download files over an unprotected connection. The warning will be shown for files with dangerous extensions such as “.EXE” and “.ZIP”, informing the user about the risk of file substitution due to the use of an insecure communication channel. However, no warnings will be displayed for image, video, and music files.
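
An added example, not taken from the article or from Chrome itself: a site operator's audit of proxy logs for the two cases described above, namely files with the named extensions fetched over plain HTTP and hosts never reached over HTTPS. The log format, host names and function name are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit
import posixpath

# Extensions the article names as examples of dangerous downloads; extend as needed.
RISKY_EXTENSIONS = {".exe", ".zip"}

# Constructed sample log: "<client> <method> <url> <status>" (format is an assumption).
SAMPLE_LOG = """\
10.0.0.5 GET http://intranet.example/tools/setup.EXE 200
10.0.0.5 GET http://intranet.example/img/logo.png 200
10.0.0.7 GET https://wiki.example/index.html 200
10.0.0.7 GET http://wiki.example/archive/export.zip?id=7 200
10.0.0.9 GET http://legacy.example/ 200
10.0.0.9 GET https://cdn.example/video/intro.mp4 200
malformed line
"""

def audit(log_text):
    """Return (risky_http_downloads, http_only_hosts) for a proxy log."""
    schemes_by_host = defaultdict(set)
    risky = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        url = urlsplit(fields[2])
        if url.scheme not in ("http", "https") or not url.hostname:
            continue
        schemes_by_host[url.hostname].add(url.scheme)
        # Compare the extension of the path only, so query strings are ignored.
        ext = posixpath.splitext(url.path)[1].lower()
        if url.scheme == "http" and ext in RISKY_EXTENSIONS:
            risky.append(fields[2])
    # Hosts never seen over HTTPS: the prior-HTTPS-visit condition would not hold.
    http_only = sorted(h for h, s in schemes_by_host.items() if s == {"http"})
    return risky, http_only

if __name__ == "__main__":
    risky, http_only = audit(SAMPLE_LOG)
    print("Risky downloads over HTTP:", *risky, sep="\n  ")
    print("Hosts seen only over HTTP:", *http_only, sep="\n  ")
```

Hosts in the second list are the ones to migrate first, since they can only be reached through the HTTP fallback.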

