You’re going to start seeing more warnings in Chrome when accessing insecure sites. Starting next October, Chrome will soon warn users when they visit a public website without an encrypted HTTPS connection.
Chrome already issues a “Your connection is not private” message when you visit pages that have an HTTPS connection that’s misconfigured. But this will expand the warnings to websites that don’t use HTTPS at all.
Google first offered insecure connections warnings for HTTP pages in 2021, but users had to opt in to see them. HTTPS — or Hypertext Transfer Protocol Secure — uses encryption to establish a secure connection with a website, preventing bad actors from snooping on the private information you enter.
HTTPS connections now make up around 95 to 99 percent of connections, Google says. “This level of adoption is what makes it possible to consider stronger mitigations against the remaining insecure HTTP,” Google writes in its announcement.
The company notes that “the largest contributor to insecure HTTP” is private websites, adding that it remains complicated for them to get an HTTPS certification. “HTTP navigations to private sites can still be risky, but are typically less dangerous than their public site counterparts because there are fewer ways for an attacker to take advantage of these HTTP navigations,” Google says.
Before making HTTPS the default for everyone, Google plans on rolling out the change to people who have enabled Enhanced Safe Browsing protections in Chrome starting in April 2026. Google adds that users will still be able to disable HTTP warnings by turning off the “Always Use Secure Connections” setting.
