Google Chrome moves towards default routing to HTTPS but won’t vouch for the website even with a secure address?

Google Chrome HTTPS First Secured Website
HTTPS-first, but will not vouch for the security. Pic credit: GotCredit/Flickr

Google Chrome has an HTTPS-first mode in the latest beta version of the web browser. The Chrome v93 will automatically default to the secure website address, but won’t vouch for its security.

Google has confirmed that it will gradually move towards increased HTTPS adoption inside the chrome web browser. However, the search giant will be replacing the “lock” icon with a neutral indicator “to avoid confusion”.

Google won’t vouch for a website just because it has an HTTPS prefix:

Hypertext Transfer Protocol Secure or HTTPS is a successor to the old HTTP protocol. Technical jargon aside, it is a secured conduit that exchanges information between an Internet user and the website.

It is difficult, but not impossible, to eavesdrop on the communication taking place between a browser and a web server with HTTPS. In the early days of the Internet, the secure protocol was not common, but the situation has changed significantly.

All the major web browser makers stress visiting websites with HTTPS prefix instead of HTTP. In fact, Google Chrome goes the extra mile by alerting users with a “Not secure” message whenever it detects the website does not have an HTTPS address.

Interestingly, Chrome currently offers some reassurance about visiting a website with the HTTPS prefix. However, not every website with HTTPS in its address is safe, and Google apparently doesn’t want Chrome to be blamed for any mishap.

Hence, moving ahead, Chrome won’t have the lock icon in the address bar, which denotes the website has HTTPS enabled. Instead, Google is deploying a neutral indicator. The change is because the search giant doesn’t want users to automatically start trusting any website with a lock icon.

The Canary version of Chrome browser has a new security indicator, which is a simple downward arrow icon. The “Not secure” warning for HTTP websites will, however, continue. Additionally, Google is not changing the Page information which displays when users click on the indicator.

How to enable HTTPS Indicator in Google Chrome:

The redesigned HTTPS indicator is not available in any stable release of the Chrome web browser. Google will include the same in the Chrome v93.

Those who wish to enable the dropdown icon in the address bar for HTTPS sites must download Chrome Canary 93.0.4576.0 or later. Thereafter, visit chrome://flags/#omnibox-updated-connection-security-indicators and select ‘Enabled’.

Apart from the new security indicators, Google has also offered a more powerful Side Panel, which contains the Reading list and Bookmarks. The company has added context menus, which offer multiple actions.

Additionally, Google is also testing another security measure for PWAs (Progressive Web Apps). It will seek confirmation through a dialogue box from users whenever a PWA will change its name.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x