Chrome Defaults to Secure Website Version

John Lister's picture

Google Chrome will now look for a secure version of a website first by default. It could mean a tiny delay accessing some sites, but should nudge more sites to increase security.

The change to the browser involves how it handles cases where users simply type in the domain (such as infopackets.com) rather than the full website address (such as http://www.infopackets.com or https://www.infopackets.com). The browser being able to convert one to the other makes it much quicker to type website addresses and allows browsers to use a single space for users to input both website addresses and search terms.

Until now Chrome's default when making this conversion was to try the http:// version of the address, thus connecting to the insecure version of a site if one exists. This means data goes back and forth between the user and the site in an unencrypted form that could potentially be intercepted and read, sometimes without anyone's knowledge.

HTTP On Way Out

From the start of 2021 Chrome will instead try the https:// version of the address, thus connecting to the secure version of the site, again if one exists. In this case the data to and from the site is encrypted, greatly reducing the chances of anyone who intercepts the data being able to read it. (Source: sophos.com)

Https has always been the recommended option for pages which inherently involve transferring sensitive data, for example when submitting a form or accessing an online account. Many online players, including Google, would eventually like all sites to only use https and ditch http altogether.

Secure Becomes Faster

It's always been a bit of a chicken-and-egg situation as whichever version of an address (http or https) Google tries first. Google now believes https is becoming the norm and it makes more sense to have http-only sites be the ones that are potentially slower to load. (Source: ghacks.net)

This could mean site owners which pay close attention to their site analytics will be inspired to finally make the change. It also means sites which currently offer both http and https versions will start to see a much higher proportion of users connecting through https, making them more comfortable in ditching the http version.

What's Your Opinion?

Is this a smart move by Google? Do you pay much attention to whether a website uses an https connection? Do you type website addresses in full or just the domain name?

Rate this article: 
Average: 4.7 (11 votes)

Comments

ferretsgold's picture

All the browsers should use this procedure. In todays environment the http should be done away with. There is no good reason to keep it. I will not go to any site for any reason if it does not have https.

bob_baer's picture

Well really it should have been done about 20 years ago, but processors have been plenty fast enough and bandwidth large enough for it to have been done at least five years ago. Finally!