Chrome will alert users on all unsecured (HTTP) sites
The vast majority of the modern web is now encrypted with the HTTPS protocol, ensuring the privacy and integrity of exchanged data.
However, Google plans to take this a step further: starting in October 2026, Chrome will default to displaying a warning when users access an unsecured HTTP site.
A Default Security Feature in Chrome 154
This change builds on the “Always use secure connections” feature introduced in 2022. What was previously optional will become enabled by default with Chrome 154, scheduled for release in fall 2026.
Specifically, Chrome will first attempt to connect using HTTPS. If the site does not support it, a warning message will display, indicating that the exchanged data could be viewed or altered by malicious third parties.
Users can choose to override this warning, but Google advises navigating only on trusted networks, such as one’s home Wi-Fi.
HTTPS: A Barrier Against Eavesdropping and Ad Injection
Before the widespread adoption of HTTPS, it was easy for Internet Service Providers (ISPs) or public Wi-Fi networks to eavesdrop on web traffic, or even inject ads. HTTPS encryption prevents such intrusions: while your ISP can still see the domains you visit, they cannot read or alter the content of the pages being accessed.
A Web That’s Mostly Secure
According to Google, 95 to 99% of pages loaded in Chrome on Windows, Android, macOS, and ChromeOS already use HTTPS. Linux is somewhat lagging behind at around 85% — mainly because its users often self-host their services without SSL certificates.
However, when only considering public sites, the percentage rises to 97%.
Exceptions for Local Sites
The warning will only appear on the first visit to an HTTP site or after a long period of inactivity. Local or private sites — such as router interfaces or NAS servers — will be exempt by default. However, Chrome will offer an option to enable alerts for these sites if the user wishes.
“HTTP navigation on private sites can still be risky, but they are generally less critical than public sites, as an attacker would need to already be on the same local network,” Google explains.
How to Enable the Feature Right Now?
No need to wait until 2026: you can activate this protection today. Go to Settings > Privacy and security > Security, then enable the “Always use secure connections” option (chrome://settings/security).
In summary, this change marks a significant step forward in web security, where unencrypted connections will become the exception rather than the norm — with Chrome serving as a vigilant guardian of this transition.
