Google Chrome will no longer allow downloads over unencrypted HTTP connections

Although it has been pushing hard to transition to a more secure web environment where all sites are accessed over encrypted HTTPS connections, Google Chrome has exempted file downloads, which could still be sent over HTTP connections, from this rule.

Despite pressure from Google and other developers to encourage the use of HTTPS connections when accessing web pages, the requirements for downloads remained much more “relaxed”. Thus, most web administrators have been content to make the transition to HTTPS connections for the website only, adjusting download links to redirect to the old HTTP servers.

Starting in 2023, Google Chrome will automatically block download loads redirected over unencrypted connections, closing the last loophole for web administrators to delay the full transition to HTTPS servers. However, it’s worth saying that Google doesn’t completely ban such sites, leaving it up to users to decide whether they want to accept such connections, displaying an alert message for every download initiated via an unencrypted connection. Most likely, this will appear on the full screen, following the model displayed when accessing unsafe sites, with the hard-to-reach ignore option coming to “penalise” by decreasing download traffic and driving away loyal users.

The feature, still in the preparatory stage, could arrive in Chrome 111 at the earliest, scheduled for release in March 2023.