Use Google Chrome For Secure Web Browsing

Martin Brinkmann
Jan 10, 2009
Updated • Dec 23, 2013
Google Chrome

One of the latest additions to the Google Chrome browser is the ability to force SSL. What this means is that the web browser will only open websites using the https protocol. Connections to insecure websites that only make use of the http protocol will not be initiated. Google Chrome will display the message that the webpage is not available in that case.

Why would someone want to force SSL in the web browser? The answer is easy: To increase security. This is an excellent way to deal with most phishing threats. Phishing sites are currently copying the looks and feels of popular financial sites. What they do not do is to make use of the https protocol, at least in most cases. This means that those phishing pages would not even be opened in Google Chrome as they are not making use of https.

Here is the idea. Create a Google Chrome profile that forces SSL and that is purely used for accessing sensitive sites. This could be PayPal, Gmail, the Bank of America website, or other financial sites and basically any site that is making use of the https protocol.

The ability to force SSL is only available in the latest developer's build of Google Chrome. Read the Google Chrome 2 release announcement article for information on how to obtain a copy.

The force SSL option has to be supplied as a parameter during startup. This can be done by appending --force-https to the Target row in the shortcut's properties.

Does anyone know if there is a similar option for Firefox or Opera?

Update: While still available as a startup parameter in Chrome, users of the web browser can alternatively make use of the excellent HTTPS Everywhere extension to force HTTPS on high priority websites.

For Firefox users reading this, the extension is also available for their browser.

Please note that forcing HTTPS connections may break some sites. Not only sites that do not support that at all, but also mixed-content sites that allow secure connections but load some data using HTTP connections.


Previous Post: «
Next Post: «


  1. Apps star said on July 26, 2012 at 12:29 pm

    I think firefox is better regardind secure web browsing.
    Here is a nice list of add-ons to secure your web browser :

  2. Jaimin Rajani said on October 1, 2011 at 2:07 pm

    Secure your Web Browsing Experience with Jumpto –

  3. F said on December 16, 2010 at 3:19 am

    This functionality doesn’t seem to be working any for me. Can anyone confirm if it still works?

  4. Andy said on January 11, 2009 at 9:23 pm

    You could take out all the sites in ‘included sites’ and set that to http://* to cover every site.

  5. kurt wismer said on January 11, 2009 at 7:58 am

    the noscript firefox extension is also capable of forcing https connections… it’s under the advanced tab in the options…

    1. Martin said on January 11, 2009 at 10:45 am

      Kurt I know about this setting but it is my understanding that normal sites are still opened when forcing ssl in NoScript.

  6. Andy said on January 11, 2009 at 5:14 am

    You can use this userscript with good old Greasemonkey:

    You have to configure the sites you visit that have https:// versions available (many are preconfigured). Not completely automatic, but still good.

    1. Martin said on January 11, 2009 at 10:46 am

      Andy that’s a nice script but still not the same as the Google Chrome option. Google Chrome will NOT open http sites at all when forcing SSL.

  7. Phao Loo said on January 11, 2009 at 1:41 am

    It’s a little bit slower than not active SSL because data will be encrypted before transfering. I think just active this if neccessary. Thanks.

  8. aircave said on January 10, 2009 at 10:02 pm

    if you know the https enabled sites you visit… how about using opera in kiosk mode and add the sites to the whitelist… all other sites are blocked.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.