Google is working on adding an HTTPS-Only Mode to the Chrome web browser to protect users’ web traffic from eavesdropping by upgrading all connections to HTTPS.
This new feature is now being tested in the Chrome 93 Canary preview releases for Mac, Windows, Linux, Chrome OS, and Android.
While no official announcement has been made yet, HTTPS-Only Mode [1, 2] will likely start rolling out on August 31, when Chrome 93 is expected to reach stable status.
Google has previously updated Chrome to default to HTTPS for all URLs typed in the address bar if the user specifies no protocol.
How to test it right now
If you want to test this experimental feature right now, you will have to first enable the “HTTPS-Only Mode Setting” flag by going to chrome://flags/#https-only-mode-setting.
This adds the “Always use secure connections” option to the browser’s security settings which, once enabled, will set up Chrome to automatically upgrade all navigation to HTTPS and display alerts before loading websites that don’t support it.
The HTTPS upgrades will be automatic with no warnings to allow you to browse the Internet without interruptions over a secure connection wherever possible.
Google is not the first major web browser vendor to consider adding an option to enable HTTPS on all websites automatically.
For instance, Microsoft Edge now can be configured to switch users to secure HTTPS connections when visiting websites over HTTP after enabling a new Automatic HTTPS option available in preview in the Canary and Developer preview channels, with an estimated release in July.
Mozilla has also added an HTTPS-Only Mode which secures web browsing by rewriting URLs to use the HTTPS protocol (although this feature is disabled by default, it can be enabled from the browser’s settings).
Protection from MITM attacks, traffic tampering
By upgrading all connections to websites to HTTPS, Google Chrome will protect users from man-in-the-middle (MITM) attacks trying to snoop on data exchanged with Internet servers over the unencrypted HTTP protocol.
Sensitive info sent and received over HTTP (such as passwords, credit card info, and other similar data) can also be harvested by malware running on users’ compromised computers.
HTTPS also makes sure that attackers trying to intercept your web traffic won’t alter data exchanged with Internet sites without being detected.
By ensuring that you’re always using HTTPS when browsing the web when HTTPS-Only Mode is active, Google Chrome helps secure your data in transit by encrypting all connections to sites’ servers.