Force HTTPS in Chrome for better security when browsing. There is an ever increasing awareness that more of the Internet should be accessed through secure protocols like SSL. Google is one of the more aggressive companies pushing to make this happen. Here are several ways you can force HTTPS in Chrome to ensure your browsing is as safe as possible.
Why Force HTTPS in Chrome?
HTTPS encryption’s purpose is to provide security, confidentiality, and integrity while browsing. Your information remains confidential from prying eyes because only your browser and the server can decrypt the traffic. You’re used to seeing HTTPS when shopping online or using your bank’s online portal. However, many sites with which you send personal information do not encrypt their communication between their servers and your browser. While you may intend to share something, a photo, a status update, or an email, you may unintentionally be sharing other information when you don’t force HTTPS in Chrome. It’s the difference between someone viewing your profile and taking control of your keyboard.
Sniffing attacks when using public hotspots are becoming more and more prevalent thanks to simple to use tools like WireShark, HTTPSniffer, and FireSheep enables mouse-click hacking for sites like Amazon, Facebook, Twitter and others. It should also be noted that sites force HTTPS in Chrome (or any other browser) during login. Web apps that use HTTPS for login/authentication protect your password, but if they use regular HTTP after you log in, they’re not protecting your privacy or your temporary identity.
Force HTTPS in Chrome with a startup parameter
Recent releases of Chrome support typing chrome://net-internals/ into your address bar, and then include HSTS menu item. HSTS is HTTPS Strict Transport Security: a way for sites to elect to always use HTTPS. HSTS is supported in Google Chrome, Firefox 4, and the popular NoScript Firefox extension and a few popular sites use it (See http://dev.chromium.org/sts for more info). Using this setting you can now force HTTPS for any domain you want, and even “pin” that domain so that only a more trusted subset of CAs are permitted to identify that domain. The downside is that if you force a domain that does not have SSL at all you won’t be able to get to the site.
Force HTTPS in Chrome with KB SSL Enforcer extension
This extension will force HTTPS in Chrome for websites that support it as much as currently possible in Chrome. It is not completely secure against the infamous Firesheep, but it does minimize the risk greatly. Due to Chrome limitations KB SSL Enforcer redirects while the page is loading. This can give a quick flicker of the unencrypted page, but it redirects you as fast as possible. See the details section on the Chrome Web Store for details on complete enforcement and when this will be possible.
Download: KB SSL Enforcer
Use HTTP extension to Force HTTPS in Chrome
Use HTTP will forces defined sites to use HTTPS instead of HTTP. It comes preloaded with two defined sites: Facebook and Twitter. Like the previous extension the initial request is sent to site not using HTTPS.
Download Use HTTPS