Google’s push to make the web more secure by flagging sites using insecure HTTP connections appears to be working. The company announced today that 64 percent of Chrome traffic on Android is now protected, up 42 percent from a year ago. In addition, over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on ChromeOS a year ago. Windows traffic is up to 66 percent from 51 percent.
Google also notes that 71 of the top 100 websites now use HTTPS by default, up from 37 percent a year ago.
In the U.S., HTTPS usage in Chrome is up from 59 percent to 73 percent.
(Note: a better, more interactive version of this chart is available within Google’s Transparency report, here.)
Combined, these metrics paint a picture of fairly rapid progress in the switchover to HTTPS. This is something that Google has been heavily pushing by flagging and pressuring sites that hadn’t yet adopted HTTPS.
As you may recall, Google announced just over a year ago it would begin flagging all websites using insecure HTTP connections to transmit private information like passwords or credit information as “not secure” in the Chrome browser. It later expanded those protections to include when users entered any type of data on an HTTP page, including in Chrome’s Incognito mode.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
“HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP,” wrote Emily Schechter, of Chrome’s Security Team, at the time of the announcement.
Google says that HTTPS adoption is increasing around the world, too, including most recently on large Japanese sites like Rakuten, Cookpad, Ameblo, and Yahoo Japan. This shift has contributed to HTTPS in Japan surging from 31 percent to 55 percent over the last year, as measured on Chrome on Windows.
Other countries have seen bigger boosts as well, like Brazil’s climb from 50 percent to 55 percent.
Of course, Google isn’t the only company to credit with the shift away from HTTP. It’s been a combined effort from several major technologies, including Apple and Facebook. For example, Apple last year said it would require app developers to force HTTPS connections for iOS apps and Facebook’s Instant Articles are served over HTTPS. (Facebook had also made HTTPS the default for all users back in 2013.)
Google also noted today it’s pushing for HTTPS adoption through other means, too, including its recently announced managed SSL for Google App Engine, for example. It also started
securing entire top-level Google domains like .foo and .dev by default with HSTS (HTTPS Strict Transport Security.)
