PaulSpoerry.com

Social Media, technology, and geeky stuff for your brain.

  • Home
  • About
    • Privacy Policy
  • Categories
    • Google+ Posts
    • Site news
    • Tech
      • Android
      • Apple
      • Chrome
      • Gadgets
      • Hacking
      • Linux
      • OSX
      • Privacy
      • Web Life
        • Bittorrent
        • Facebook
        • FireFox
        • GMail
        • Google
        • Google+
        • Twitter
        • WordPress
        • Windows
          • Windows 7
    • Google+: Getting Started Guides
    • Games
    • Meditation
    • Politics
    • Science
    • That’s freakin hilarious
  • Code
    • FreeImageZoom
    • Post Editor for Google+™
    • The Plus Editor
  • Contact
You are here: Home / Tech / Chrome / How to Force HTTPS in Chrome

How to Force HTTPS in Chrome

January 27, 2012 by Paul Spoerry Leave a Comment

Force HTTPS in Chrome for better security when browsing. There is an ever increasing awareness that more of the Internet should be accessed through secure protocols like SSL. Google is one of the more aggressive companies pushing to make this happen. Here are several ways you can force HTTPS in Chrome to ensure your browsing is as safe as possible.

 Why Force HTTPS in Chrome?

HTTPS encryption’s purpose is to provide security, confidentiality, and integrity while browsing. Your information remains confidential from prying eyes because only your browser and the server can decrypt the traffic. You’re used to seeing HTTPS when shopping online or using your bank’s online portal. However, many sites with which you send personal information do not encrypt their communication between their servers and your browser. While you may intend to share something, a photo, a status update, or an email, you may unintentionally be sharing other information when you don’t force HTTPS in Chrome. It’s the difference between someone viewing your profile and taking control of your keyboard.

Sniffing attacks when using public hotspots are becoming more and more prevalent thanks to simple to use tools like WireShark, HTTPSniffer, and FireSheep enables mouse-click hacking for sites like Amazon, Facebook, Twitter and others. It should also be noted that sites force HTTPS in Chrome (or any other browser) during login. Web apps that use HTTPS for login/authentication protect your password, but if they use regular HTTP after you log in, they’re not protecting your privacy or your temporary identity.

Force HTTPS in Chrome with a startup parameter

Recent releases of Chrome support typing chrome://net-internals/ into your address bar, and then include HSTS menu item. HSTS is HTTPS Strict Transport Security: a way for sites to elect to always use HTTPS.  HSTS is supported in Google Chrome, Firefox 4, and the popular NoScript Firefox extension and a few popular sites use it (See http://dev.chromium.org/sts for more info). Using this setting you can now force HTTPS for any domain you want, and even “pin” that domain so that only a more trusted subset of CAs are permitted to identify that domain.  The downside is that if you force a domain that does not have SSL at all you won’t be able to get to the site.

force https in chrome

Force HTTPS in Chrome with KB SSL Enforcer extension

This extension will force HTTPS in Chrome for websites that support it as much as currently possible in Chrome. It is not completely secure against the infamous Firesheep, but it does minimize the risk greatly. Due to Chrome limitations KB SSL Enforcer redirects while the page is loading. This can give a quick flicker of the unencrypted page, but it redirects you as fast as possible. See the details section on the Chrome Web Store for details on complete enforcement and when this will be possible.

Download: KB SSL Enforcer

Use HTTP extension to Force HTTPS in Chrome

Use HTTP will forces defined sites to use HTTPS instead of HTTP. It comes preloaded with two defined sites: Facebook and Twitter. Like the previous extension the initial request is sent to site not using HTTPS.

Download Use HTTPS

  • force https in chrome Download Chrome
  • force https in chrome Chrome Web Store
  • force https in chrome YouTube Channel
  • force https in chrome Support
  • 50 Web Tools for the Paranoid or Security Conscious
  • Force HTTPS in Facebook

Filed Under: Chrome, Privacy, Tech Tagged With: download, enforcer, https, not, to

About Paul Spoerry

I’m a groovy cat who’s into technology, Eastern Thought, and house music. I’m a proud and dedicated father to the coolest little guy on the planet (seriously, I'm NOT biased). I’m fascinated by ninjas, the Internet, and anybody who can balance objects on their nose for long periods of time.

I have a utility belt full of programming languages and a database of all my knowledge on databases... I practice code fu. Oh, I've also done actual Kung Fu, and have a black belt in Tae Kwon Do.

I run. I meditate. I dance. I blog at PaulSpoerry.com, tweet @PaulSpoerry, and I'm here on Google+.

I'm currently work for IBM developing web enabled insurance applications for IBM and support and develop a non-profit called The LittleBigFund.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright © 2023 · Epik on Genesis Framework · WordPress · Log in