Google Chrome will now default to HTTPS. We explain what this means
The latest updates for Google Chrome now means the popular Internet browser will default to the HTTPS protocol instead of the HTTP protocol. We discuss what all that means, and what HTTPS is.
When you type a website into the address bar of your browser, you probably type www.example.com, or maybe just example.com. The Internet browser recognises that what you typed in is a website, and automatically prefixes the appropriate Internet protocol in front of that website address. HTTP has always been the protocol used for surfing the World Wide Web, so www.example.com becomes http://www.example.com.
With modern browsers, this all happens behind-the-scenes. Most don’t even display the HTTP letters in the address bar anymore.
Sponsored Content. Continued below...
HTTP (HyperText Transfer Protocol, in case you were interested) is responsible for carrying the data between your device and the website you’re visiting. But it isn’t a secure protocol. It doesn’t encrypt any data that is transmitted. This could allow someone to potentially eavesdrop on the information being sent to-and-from you and the website. This means entering, for example, financial information into a website would be a terrible idea if the website uses the HTTP protocol, since someone could intercept that data as it travels from your device to the website. It’s called a Man-In-The-Middle Attack.
HTTPS solves this problem. The S stands for secure. To use the HTTPS protocol, a website needs to install something called an SSL certificate. This encrypts all data that is sent between your device and the website, so someone intercepting data between the two will not be able to read it.
If a website uses HTTPS, a padlock appears in the address bar, usually to the left of the web address. You can hover over it or click it to see more information about the webpage you’re on. This means information you enter into that webpage is encrypted before it leaves your device.
Sponsored Content. Continued below...
A change in default from HTTP to HTTPS
In the past when using Google Chrome, if you just typed in www.example.com or example.com, as we mentioned earlier, Chrome would automatically prefix HTTP in front of it. And if the website uses HTTPS, it would be up to the website (and its developers) to automatically redirect from HTTP to HTTPS.
So the following would happen…
1. User enters example.com into address bar.
2. Chrome adds prefix and leads visitor to http://example.com
3. Website wants visitors to use HTTPS, so redirects visitor from http://example.com to https://example.com
If a website doesn’t redirect to HTTPS itself (step 3) then the user would stay on the HTTP protocol, even if the website supports HTTPS.
If a website doesn’t use HTTPS, that last step (step 3) wouldn’t happen. These days however, the vast majority of websites support HTTPS (partly because Internet browsers had started flagging websites as insecure if they didn’t!)
But Google will now default to HTTPS instead with its latest release of the browser, Chrome 90. This will shorten the process of what happens. So now what occurs is the following…
1. User enters example.com into address bar.
2. Chrome adds prefix HTTPS, and leads visitor to https://example.com
And that’s it, providing the website – as most do – supports HTTPS. For websites that don’t support HTTPS, Chrome first tries using HTTPS, and if that fails will resort back to HTTP.
Sponsored Content. Continued below...
So now, if a website supports HTTPS but doesn’t automatically redirect visitors to HTTPS when the visitor arrived using HTTP, now they won’t have to, because their visitors will now be arriving with the HTTPS protocol already in tow.
And for websites that had to redirect from HTTP to HTTPS anytime someone visited their site, now they won’t have to. And that could lead to a performance and speed increase for website visitors.
It’s a step closer to a safer and more secure Internet, and with most websites now using HTTPS already, we expect most other Internet browsers will be following suit in the future.
The update to Google 90 is rolling out now, but won’t be available for all users at the same time.