Google is working on an ‘HTTPS-Only Mode’ for Chrome. HTTPS-Only mode will upgrade all your connections to the secure HTTPS protocol.

Update: This feature is now available in the Canary channel of Google Chrome.

HTTPS-Only Mode

In a future version of Chrome, you will see a new option under security settings:

Always use secure connections: Upgrade all navigations to HTTPS and warn you before loading sites that don’t support it

This is Google Chrome’s HTTPS-Only mode, a new security feature the team is currently working on. If you are a Mozilla Firefox user, you will be familiar with this feature.

Mozilla introduced an HTTPS-only mode with Firefox version 83.

The Flag

A new experimental flag showed up in Chromium Gerrit this morning:

HTTPS-Only Mode Setting: Adds a setting under chrome://settings/security to opt-in to HTTPS-Only Mode.

The feature request bug for HTTPS-only mode is public, but does not give away much. Google has also guarded the design document behind their internal URL shortner service. So no luck there as well.

Summary

HTTPS-only is defnitely going to be a huge improvement to Google Chrome’s security. If you already use an extension to force HTTPS on websites, this should make you happy.

For those who do not know about such a possibility and its advantages, HTTPS-only mode will add an additional layer of security without any user action. I am saying this with the assumption that HTTPS-only mode will be enabled by default.

What’s your take? Do you think Google should have launched this earlier? Or is the timing correct because we had to wait for majority of the web to switch to HTTPS-first? Let me know your thoughts in the comments section below.

Source: Chromium Gerrit.