Google to Bring HTTPS-First Mode to Chrome Browser

Google has confirmed plans to add HTTPS-First Mode to its Chrome browser starting in version M94 and is re-examining the lock icon that browsers usually show when a website loads over HTTPS.

The idea is to protect people from having their information leaked to eavesdroppers who can't intercept data shared over HTTPS. The HTTPS-First Mode will attempt to upgrade all page loads to HTTPS and display a warning before loading sites that don't support it. Based on feedback, Google may decide to make HTTPS-First the default mode for all Chrome users. 

Google is also reconsidering the lock icon that typically appears in the browser when a website loads over HTTPS. People often associate this icon with a website being trustworthy, its research shows, but a secure connection does not necessarily mean a website itself is safe. Only 11% of survey respondents knew the meaning of the lock icon, Google reported in a blog post.

In M93 of Google Chrome, the company will swap out the lock for "a more neutral entry point to Page Info," which will display as an arrow people can click to learn more about the website certificate, settings, and whether it uses cookies. It hopes this will encourage users to discover privacy and security information and controls located under "Page Info." A "Not Secure" sign will still appear on websites that do not support HTTPS.

Chrome isn't the only browser doubling down on HTTPS. Mozilla introduced HTTPS-Only mode in Firefox 83, a version of its browser that rolled out late last year. HTTPS-Only mode tries to create fully secure connections to every website and requests user permissions before connecting to a site that does not support HTTPS.

Read the full Chromium blog post for more information.