Google is phasing out HTTP and will make HTTPS mandatory in its Chrome browser next year.
Google is boosting its security once more: starting with Chrome version 154, scheduled for October 2026, the browser will automatically switch to secure connections for all public websites. With this, Google aims to eliminate the last bit of unencrypted HTTP traffic.
HTTPS as the New Minimum Standard
Today, 95 to 99 percent of all navigation in Chrome already occurs via HTTPS. However, an HTTP page remains sufficient for attackers to redirect connections, inject malware, or mislead users. HTTPS is much more secure. Chrome already displays warnings for insecure sites and has been trying to load HTTPS versions by default since 2021. The optional setting Always use secure connections is now becoming mandatory.
On private networks, such as corporate networks, HTTP will remain allowed. Certificates for internal addresses are difficult to roll out, and traffic remains within the local environment. The risks there are smaller, but not non-existent: attacks are then only possible from within the network.
Early Rollout
Those who have enabled Optimized security will receive the change as early as April 2026 with Chrome version 147. Upon a first visit to an HTTP site, the browser explicitly requests permission for the connection. This is not the only new security feature Google is introducing, as the tech giant recently announced AI in Drive for desktop to detect ransomware attacks.