Google Chrome version 90 will try HTTPS first when the user does not provide a complete URL in the address bar. For Example: when a user types any domain say “example.com” the chrome will load it as “https://example.com.” and if the site lacks SSL/TLS certificates and HTTPS fails, the site will revert back to HTTP.
It is obvious that using SSL Certificate (HTTPS) with your website is faster and improving loading speed and a way to make your website more secure than using the default protocol – HTTP. And google, after recognizing that users mostly type incomplete URLs when searching for websites, decided to fill the gap between security and user experience this year. Their latest chrome update version 90 will try using HTTPS by default when the user provides an incomplete URL in the website address without specifying the protocol.
The chrome will directly connect to the HTTPS endpoint without the need to redirect from http:// to https://. Those websites which are not secured with SSL/TLS certificates or do not support HTTPS, the chrome will fall back to HTTP when the HTTPS attempts fail including the situation when there are certificate errors like name mismatch or connection errors – DNS resolution failure. Initially, the change will be seen on Chrome Desktops and Chrome for Android in version 90, following Chrome on iOS soon after.
When users manually type the domain or URL without specifying the protocol i.e., http:// or https:// in the latest version of Chrome (Chrome 90), the browser will try to load the site automatically using HTTPS. It means that if someone types any domain say “example.com” in the browser, Google Chrome will load the site as “https://example.com instead of “http://example.com” and if the site lacks SSL/TLS certificates and HTTPS fails, the site will revert back to HTTP.
Google, initially, would try to load all web pages using HTTP by default as HTTPS as this would result in a “Not Secure” warning which does not look good displaying on the site. Also, this would drove away many potential customers for many businesses.
Google’s move to using HTTPS as the default method for loading websites is good as it assumes most of the sites are secured websites with SSL/TLS certificates and to some extent it is true. Now the question arises – loading websites that are not using SSL/TLS certificates will have a negative impact? The answer is NO. those websites will still load as HTTP. It is just that chrome is trying to load those websites with HTTPS first and if it fails, the websites will fall back to HTTP to load the site.
Chrome assumes that its users want to keep their data secure: Google assumes that users who are browsing for different websites on chrome want to keep their data secure using encryption. That would be a good assumption on Google’s part as the insecure connection can result in costly data breaches.
Security as one of the top priorities: Google believes that security is one of its top priorities. And with this, it believes that strong encryption is fundamental to the safety and security of all users and their sensitive data.
Majority of all traffic already uses HTTPS: Considering the fact that around 95% of web traffic relies on HTTPS, connecting to the secured protocol HTTPS is a good option. It is a faster way to connect with the protocol and improving loading speed as the server does not need to wait.
When data transmitted via HTTP, it is moving in plain text format that cybercriminals can intercept, read, or steal the data or information that they can use further to carry out various frauds and a variety of other cybercrimes.
On the other hand, when you are using HTTPS, the data is protecting and encrypted and is safe from the hands of unauthorized access. A secured connection also helps to build the user’s trust as they know that they are connecting and interacting to a legitimate site.
Connecting directly to HTTPS protocol helps in improving site loading time as it eliminates the unnecessary steps for the secured sites on google chrome as the server need not wait to redirect from HTTP to HTTPS. Using HTTPS to load HTTPS enabled websites results in improving site loading time and makes the user experience better.
For those websites that do not support HTTPS, the browser will try to load them with HTTPS by default. When this does not work, it redirects back to HTTP as a result of no SSL/TLS certificate installed on your website, or other issues related to SSL Certificate errors.
This move towards making HTTPS a primary step rather than a secondary one in loading the websites is to decrease the chances of cybercrime and data breaches. HTTPS enables websites to protect the sensitive data of the users by encrypting data and traffic sent over the network so that it cannot be intercepted or modified by attackers or cybercriminals.
If HTTPS is already enabled for your website, then nothing is going to change for you and your users and chrome is already loading your website using the secured platform.