How to force Google Chrome to use HTTPS instead of HTTP whenever possible?
Shares
With the constant security threat we face as we browse the internet every day, it pays to lock things down adenine much as possible. With that in mind, how do you force Google Chrome to use HTTPS whenever possible ? today ’ s SuperUser Q & A post discusses some solutions to help a security-conscious reviewer achieve HTTPS satisfaction. nowadays ’ s interview and answer seance is brought to us by SuperUser, a subdivision of Stack Exchange, a community collection of question and answer websites .
The question
SuperUser reader Kiewic wants to know how to force Google Chrome to always use HTTPS alternatively of HTTP whenever possible :
many websites offer both versions ( HTTPS and HTTP ) like hypertext transfer protocol : //stackoverflow.com and hypertext transfer protocol : //stackoverflow.com for example. Is there a way to force Google Chrome to constantly try HTTPS before HTTP when entering something like stackoverflow.com in the address bar ?
How to force Google Chrome to always use HTTPS rather of HTTP whenever possible ?
The answer
SuperUser contributors paradroid and Omar have the answer for us. First of all, paradroid :
You can try the Extending HTTPS Anywhere for Google Chrome. ( Editor ’ randomness note : We recommend HTTPS Everywhere if you want to be sure that HTTPS is enabled wherever it is available. This reference is, however, less necessity than it was a few years ago, as more sites have enabled HTTPS by default option. )
follow-up to Omar ’ second reception :
Force HTTPS in Google Chrome Google is one of the more aggressive companies pushing for this to happen. here are respective ways to force HTTPS in Chrome to make certain your shop is a safe as possible. Start Google Chrome with HTTPS enable Google Chrome support by typing chrome : // net-internals / in your address browning automatic rifle, then blue-ribbon HSTS from the drop-down menu. HSTS is HTTPS Strict Transport Security, a way for websites to choose to constantly use HTTPS. Using this fructify, you can immediately force HTTPS for any domain you want and even “ pin ” the domain so that only a subset of more trust CAs are allowed to identify that sphere. The downside is that if you force a sphere that doesn ’ t have SSL at all, you won ’ t be able to access the web site. HTTP Strict Transport Security ( Chromium projects ) ( Editor ’ south notice : you can nobelium longer change this option yourself in Chrome. Website owners can still enable HSTS for their websites. ) Force HTTPS with the KB SSL Enforcer extension This extension will force HTTPS in Google Chrome for websites that support it. Keep in judgment that it is not wholly secure against the ill-famed Firesheep, but it significantly minimizes the risk. Due to limitations of Google Chrome, the KB SSL Enforcer propagation redirects the page while it is loading. You will see a promptly flicker of the unencrypted page, but it will redirect you deoxyadenosine monophosphate fast as possible. KB SSL Enforcer propagation home page Use the HTTP extension to force HTTPS in Google Chrome
The Use HTTP extension will force define sites to use HTTPS alternatively of HTTP. It comes preloaded with two defined sites : Facebook and Twitter. Like the former annex, the initial request is sent to websites not using HTTPS. Use the HTTPS elongation home page ( Editor ’ randomness note : this extension is nobelium longer available. )
Do you have something to add to the explanation ? Sound off in the comments. Want to read more answers from early tech-savvy Stack Exchange users ? Check out the full discussion thread here .