It’s not news that Chrome has long championed increased adoption of HTTPS to improve privacy and security on the web. One of the latest improvements it has made in this regard has been the implementation of an HTTPS-First mode, as well as experimenting in the address bar with a replacement for the lock icon.
According to Google, on most operating systems, more than 90 percent of page loads in Chrome are over HTTPS. Other users of the network, compared to HTTP, cannot intercept or alter any data or personal information shared over a connection.
The company has stated its intention to help make HTTPS the preferred protocol on the web by more effectively protecting the user on the remaining portion of the web that does not yet support HTTPS.
When the first expansion is implemented
In September 2021, and via an HTTPS-First mode implemented with Chrome 94. Each time a page is visited, it will initially attempt to load via HTTPS. On sites where this is not possible, Google’s browser will display a full page warning before connecting via HTTP.
The aim now is to make HTTPS-First the default mode for all users in the future. Likewise, Mozilla has stated that it intends to make HTTPS-only mode the future of web browsing in Firefox.
Goodbye to the padlock icon
Given that the vast majority of pages use HTTPS, Google will remove the padlock icon that appears to the left of URLs in Chrome’s multifunction box.
According to surveys, users tend to associate this icon with a trustworthy site. However, only the connection is secure. But despite the importance of this fact, studies have shown that only 11% of the participants were able to correctly identify the meaning of the lock icon.
Therefore, in an attempt to combat this confusion with the icon’s interpretation, Google wants to replace the padlock with a “more neutral entry point to page information”. Tests to implement this change are being piloted with a downward facing chevron / caret to open a menu that allows the user to set site permissions and view other details that may be of interest to them.
Note that a “Not Secure” indicator will continue to be displayed on sites without HTTPS support, and that Google’s experiment includes a corporate policy that applies to organisations that do not wish to participate.
Despite Google’s commitment to HTTP support in Chrome, it will do what is necessary to protect and inform users when using insecure connections. It will do so even if this means in some cases limiting or restricting functionality when such a questionable connection occurs. Security, first and foremost. Once again, good for Google.