Say goodbye to unsafe websites as Chrome makes key decision in your favor

Varun Mirchandani / Android Authority TL;DR Google Chrome will enable “Always Use Secure Connections” by default starting with Chrome 154 in October 2026. The browser will automatically try HTTPS first and warn users only when visiting new or infrequently visited public HTTP sites. Other browsers already offer similar modes, but Chrome’s scale makes this shift significant and could influence Chromium-based browsers as well. Google is making a major security shift in 2026. Beginning with Chrome 154 in October 2026, the browser will automatically enable the “Always Use Secure Connections” setting for everyone. Once active, Chrome will attempt to load every website over HTTPS first and warn users before visiting a public site that doesn’t support it. The feature has been available since 2022, but only as an optional toggle. Next year, it will become the default for the world’s most widely used browser, solidifying the web’s move into an HTTPS-first era. Google Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more. to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below. According to Google, the change is long overdue. Without HTTPS, attackers can intercept traffic, hijack navigation, or redirect users to malicious pages. These risks are made worse by the fact that many HTTP pages instantly redirect to HTTPS, leaving no time for a “Not secure” warning to appear. Additionally, Chrome’s transparency data shows HTTPS adoption rose from roughly 30-45% in 2015 to about 95-99% by 2020 before slowing, yet even a few remaining percent translate to millions of unsafe visits at Chrome’s scale. And because attackers only need one insecure connection to slip through, Google argues it can’t afford to ignore what’s left. Google Once the change rolls out, Chrome will quietly try HTTPS first for all navigations and only surface a warning when a public site cannot be upgraded. It will avoid pestering users repeatedly about the same HTTP page. Instead, it triggers alerts only when visiting a new or infrequently visited insecure site. Anyone who prefers to proceed without these warnings can still turn the setting off. As things stand, Google plans a phased rollout, beginning April 2026 with Chrome 147 for users already enrolled in Enhanced Safe Browsing, and extending to everyone else in Chrome 154 later that year. It’s worth noting that private sites, such as router pages or corporate intranets, are treated differently since attackers generally need to be on the same network to exploit them, so Chrome won’t warn about those by default. Instead, Google says it is working to make HTTPS adoption easier for private hosts, aided by features like the new Local Network Access permission that lets trusted HTTPS pages talk to local devices without triggering mixed-content blocks. Chrome isn’t the first browser to take this approach. Privacy-focused browsers like Tor, LibreWolf, and Mullvad already enforce secure-only modes out of the box. Brave Browser also offers HTTPS upgrades and even lets users choose how strict they want to be during setup. That said, the major difference is reach: None of those browsers comes close to Chrome’s scale. When Chrome flips a switch, the web tends to follow. And while Google hasn’t explicitly said whether the change will carry over to Chromium, many Chromium-based browsers will likely inherit the default. If so, a large portion of the global browser ecosystem could become more secure without individual vendors doing much at all. Google As a result, the larger effect is cultural as much as technical. Chrome enabling HTTPS-first mode for everyone turns secure browsing into a baseline expectation rather than a power-user choice hidden in settings. Most of the web already uses HTTPS, but those last few insecure clicks are still risky, especially on sketchy Wi-Fi. As such, Chrome’s plan is pragmatic: Nudge users away from unsafe sites without nagging them, and let power users switch it off if they insist. It’s not like the internet will suddenly break in 2026. However, your browser will just be harder to mess with, and that’s not a bad upgrade for a single buried setting. Follow