Google is rolling out a major security change to Chrome 154 in October 2026. The browser will automatically attempt secure HTTPS connections for public websites. Sites that still use insecure HTTP will prompt users with a warning before loading.
What the Change Means for the Web
- Chrome’s “Always Use Secure Connections” setting will become the default for all users with version 154.
- Earlier in April 2026, Chrome 147 will enable the setting for users who have opted into Enhanced Safe Browsing , more than 1 billion users worldwide.
- Current public-site HTTPS adoption runs at about 95 – 99%, but the remaining HTTP sites are now on notice.
Why This Shift Matters for Site Owners
Even one unsecured HTTP page can trigger a warning in Chrome under the new rules. That may scare off visitors or reduce trust. Browsing over public Wi Fi, corporate networks, or other shared connections increases the risk of interception, man-in-the-middle attacks, or unwanted redirection.
For businesses and publishers, failure to migrate can mean lost traffic or poor user experience. Warnings before loading a site could deter users. Search engines and AI-powered tools may also treat HTTPS as a baseline signal of trust and security, influencing ranking, indexing, and visibility.
That is why doing a website audit for better AI visibility must become a top priority. A full website audit will uncover any HTTP-only pages, mixed content, outdated certificates, or insecure sub-domains. Fixing these now ensures compliance with the upcoming default setting and preserves seamless user experience.
What Website Owners Should Act On Immediately
- Inventory all public-facing pages and subdomains. Check which ones still use HTTP.
- Enable HTTPS with valid TLS/SSL certificates.
- Ensure internal links, resources, and assets (images, scripts, fonts) also load over HTTPS.
- Run a full website audit to catch mixed content, broken redirects, or performance issues.
- Test the site with Chrome’s “Always Use Secure Connections” mode enabled to see how it behaves before warnings go live broadly.
Anatolii Ulitovskyi, CEO at UNmiss says: “With Chrome moving to HTTPS-first by default, unsecured sites risk being locked out of modern traffic. In a world where over 1 billion Chrome users will encounter warnings by 2026, every website must adopt secure connections. A thorough website audit is not optional; it is the baseline for survival, trust, and visibility on the modern web.”