Google Chrome 90 will make HTTPS the default

Google Chrome
(Image credit: Shutterstock / Allmy)
Audio player loading…

Google will soon roll out a new version of its Chrome web browser (opens in new tab) that will automatically load all incomplete URLs via the more secure HTTPS protocol.

With current builds, if an incomplete URL is typed into the Chrome Omnibox (Google’s name for the URL bar), the browser will load the domain via HTTP. Typing in example.com, for instance, will take the user to http://example.com.

After the change has been introduced, however, Chrome will automatically funnel all unfinished URL queries to the corresponding HTTPS address (e.g. https://example.com), provided the website supports the newer protocol.

  • Here's our list of the best VPN (opens in new tab) services around
  • Check out our list of the best Windows 10 VPN (opens in new tab) services out there
  • We've built a list of the best business VPN (opens in new tab) services available

Last month, the change took effect for a small proportion of users with the Chrome 89 update. With testing now complete, HTTPS will be made the default protocol for half-finished URLs with Chrome 90, which is currently set for a full public release on April 13.

However, according to a Google blog post (opens in new tab), the change will not take effect for iOS users until a later date.

HTTPS on Chrome

For the uninitiated, HTTP (or Hypertext Transfer Protocol) is a protocol that allows a web browser to send a request to a web hosting (opens in new tab) server, as well as receive a response.

HTTPS (or Hypertext Transfer Protocol Secure) is the younger, more secure cousin of HTTP. It performs the same function, but uses TLS/SSL encryption to secure requests and responses, instead of sending information in plaintext.

Google has long been a proponent of HTTPS and has put in place a number of mechanisms to accelerate the transition to the newer protocol.

Chrome is already configured to upgrade full HTTP URLs typed into the browser to HTTPS whenever possible and also alerts users that are about to submit login credentials or credit card details on HTTP web pages.

The browser also blocks downloads from HTTP sources that sit underneath an HTTPS page, which prevents malicious actors from tricking victims into believing a download is coming from a secure source.

With Chrome 90, Google will patch up one of the few remaining avenues by which users might accidentally land on a less secure HTTP webpage.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.