Google Chrome Will Make HTTPS Default in October 2026

Google announced that Chrome will default to “Always Use Secure Connections” for all public sites in one year with the release of Chrome 154. With “Always Use Secure Connections" enabled, Chrome will ask the user’s permission to access public sites without HTTPS.

Written by Jackie Leavitt (Editor at Large)

Reviewed by Aleksander Hougen (Chief Editor)

Last Updated: 04 Nov'25

Rolling out HTTPS by default for Chrome will be a staged process, according to Google’s blog post about the changes. In 2022, Chrome allowed users to opt in to “Always Use Secure Connections.”

Next it will enable these security settings with the release of Chrome 147 in April 2026 for over 1 billion users who have opted in to Chrome’s Enhanced Safe Browsing protections. Then with the release of Chrome 154, Google will default to “Always Use Secure Connections” for public sites.

Why HTTPS in 2026

Private sites remain the largest contributor to insecure HTTP because acquiring an HTTPS certificate remains complicated due to the “non-unique” nature of private names; they can refer to different hosts on different networks.

Google’s decision behind making it the default in 2026 came from studies about how the change would negatively impact users who tried to access HTTP sites.
According to Google’s HTTPS Transparency Report, HTTPS adoption across operating systems since 2015 have risen from 30-45% in 2015 to 95-99% in 2020; since then the progress has plateaued.

HTTPS adoption since 2015 by operating system, including private and public sites. (Source: Google)

When you exclude private site navigation from the numbers, HTTPS use across operating systems clusters between 97% to over 99%: Linux goes from 84% to nearly 97%, Windows goes from 95% to 98%, and both Android and Mac goes to over 99%.

To determine the amount of warnings users might see with the new HTTPS default setting, Google experimented with Chrome 141, enabling “Always Use Secure Connections” for public sites for a small percentage of users — the number of warnings seen was lower than 3% of navigation, with the median seeing fewer than one warning per week, and over 95% seeing fewer than three warnings per week. This means the impact on users will be minimal.

Why HTTPS Is Important

Both HTTP and HTTPS are protocols used for internet data transfer, but HTTP is the secure, encrypted version using SSL/TLS. HTTP sends data in plain text — unencrypted — which makes it vulnerable to interception.

With HTTPS enabled by default, Chrome users will know any link they click will be secure — or they will get a warning. The danger in clicking an HTTP link without encryption is that attackers could hijack the navigation and load resources that expose them to malware, social engineering attacks or targeted exploitation. Enabling HTTPS by default is a win for online security for Chrome users.