Skip to main content

Chrome getting HTTPS-First Mode as Google plans to replace the address bar lock icon

Over the years, Chrome has been a big proponent of increasing HTTPS adoption to improve privacy and security on the web. The latest Chrome steps include rolling out an HTTPS-First Mode and experimenting with a replacement for the lock icon in the address bar.

Google reports over 90% of page loads in Chrome on most operating systems occur over HTTPS. Compared to HTTP, others on the network cannot intercept or alter personal information or any other data that’s shared over a connection.

The company believes “there’s more we can do to help make HTTPS the preferred protocol on the web, and better protect users on the remaining slice of the web that doesn’t yet support HTTPS.”

The first expansion is an HTTPS-First Mode that will start rolling out with Chrome 94 in September. All page visits will first try to load over HTTPS. On sites that don’t work, the Google browser will show a full-page warning before connecting over HTTP. 

Based on ecosystem feedback, we’ll explore making HTTPS-First mode the default for all users in the future. Mozilla has also shared their intent to make HTTPS-only mode the future of web browsing in Firefox.

Meanwhile, with most pages using HTTPS, Google wants to retire the lock icon that appears to the left of URLs in the Chrome Omnibox:

In particular, our research indicates that users often associate this icon with a site being trustworthy, when in fact it’s only the connection that’s secure. In a recent study, we found that only 11% of participants could correctly identify the meaning of the lock icon.

Google wants to “reduce this confusion” by running an experiment with Chrome 93 later this month to replace the padlock with a “more neutral entry point to Page info.” Google is currently trying a downward-facing chevron/caret to open the menu that lets users set site permissions and see other details. 

Importantly, a “Not Secure” indicator will continue to show on sites without HTTPS support, and the experiment includes an enterprise policy in case organizations want to opt-out. In all cases, we’ll provide advance notice if we decide to move ahead with a full launch.

Google today committed to HTTP support in Chrome, but will take steps to “protect and inform users whenever they are using insecure connections.” This might include limiting or restricting features on the insecure connection.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications