How do You Force Google Chrome to Use HTTPS Instead of HTTP Whenever Possible?


With the constant security threats we face while browsing the Internet each day, it pays to lock things down as much as possible. With that in mind, how does one force Google Chrome to use HTTPS whenever possible? Today’s SuperUser Q&A post discusses some solutions to help a security-conscious reader get HTTPS satisfaction.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader kiewic wants to know how to force Google Chrome to always use HTTPS instead of HTTP whenever possible:

Many websites offer both versions (HTTPS and HTTP) like and for instance.

Is there any way to force Google Chrome to always try for HTTPS first before HTTP when typing something like in the address bar?

How do you force Google Chrome to always use HTTPS instead of HTTP whenever possible?

The Answer

SuperUser contributors paradroid and Omar have the answer for us. First up, paradroid:

You could try the HTTPS Everywhere extension for Google Chrome.

Followed by the answer from Omar:

Force HTTPS in Google Chrome

Google is one of the more aggressive companies pushing to make this happen. Here are several ways you can force HTTPS in Chrome to ensure your browsing is as safe as possible.

Start Google Chrome with HTTPS

Enable Google Chrome support by typing chrome://net-internals/ into your address bar, then select HSTS from the drop-down menu. HSTS is HTTPS Strict Transport Security, a way for websites to elect to always use HTTPS. Using this setting, you can now force HTTPS for any domain you want and even “pin” the domain so that only a more trusted subset of CAs are permitted to identify that domain. The downside is that if you force a domain that does not have SSL at all, you will not be able to access the website.

HTTP Strict Transport Security (The Chromium Projects)

Force HTTPS with the KB SSL Enforcer Extension

This extension will force HTTPS in Google Chrome for websites that support it. Keep in mind that It is not completely secure against the infamous Firesheep, but it does minimize the risk greatly. Due to Google Chrome’s limitations, the KB SSL Enforcer extension redirects the page while it is loading. You will see a quick flicker of the unencrypted page, but it redirects you as fast as possible.

KB SSL Enforcer Extension Homepage

Use HTTP Extension to Force HTTPS in Google Chrome

The Use HTTP extension will force defined sites to use HTTPS instead of HTTP. It comes preloaded with two defined sites: Facebook and Twitter. Like the previous extension, the initial request is sent to websites not using HTTPS.

Use HTTPS Extension Homepage

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .