At present, most websites have enabled HTTPS encrypted access. Encrypted access can improve security and reduce the probability of network traffic being hijacked. However, there are still a very small number of websites that still use HTTP plaintext connections.

image-1-2025-10-29-08-12-47-35.png

For this reason, Google decided to enable the Always Use Secure Connection Policy by default starting from Chrome version 154 released in October 2026, explaining that the Chrome browser will only accept HTTPS websites, and if the user accesses an HTTP website, a pop-up window will appear for manual confirmation.

In the pop-up window, Google will remind the user that the website does not support secure connections. By default, Chrome will remind the user to return instead of continuing to access. Of course, if the user really needs to, they can still click the Continue button to continue loading the HTTP website.

In this case, the probability of a user accessing an HTTP website without knowing it is zero. After all, the pop-up prompt must be manually confirmed by the user every time. Google believes that this method can significantly improve the security of users accessing the network.

It is worth noting that Google will not repeatedly issue reminders for the same HTTP website. That is, if a pop-up window appears and manual confirmation occurs when the user visits for the first time, Google will allow it by default the next time he visits. When the user clears the browser data, he will need to confirm again.

In addition, starting from Chrome version 141, Google will enable Always Secure Connection by default for a small number of users as a test, which is used to verify the solution to improve security without popping up too many warnings. This test has currently completed data collection.

Google said that the data collected from the experiment shows that the number of pop-up warnings seen by any user is less than 3%, which means that users still have a certain probability of visiting HTTP websites, but the overall number is far lower than that of HTTPS websites.