FIX Chrome HTTPS Warning in Chrome 147 — 5 Fixes (2026)

Key takeaways

• Chrome 147 warns before loading HTTP sites. Not a virus. New security feature rolling out April 7, 2026.
• 95% of public websites already use HTTPS. The warning only triggers on old, unmaintained, or local-network sites.
• Click “Continue to [site] (unsafe)” to proceed once. To disable permanently, go to Settings > Privacy and security > Security.

You clicked a bookmark or typed a URL and Chrome stopped you cold. Full-page warning. Orange padlock with an X. “Your connection is not private” vibes, but different. It says something about the site not supporting a secure connection. Nothing crashed. Your internet works. The site you wanted to visit is probably fine.

Chrome 147, releasing April 7, 2026, enables HTTPS-First mode automatically for anyone using Enhanced Safe Browsing, roughly one billion Chrome users. Chrome now upgrades every navigation to HTTPS first and shows a warning page before falling back to HTTP. The feature is well-intentioned. The rollout was also guaranteed to cause a wave of confused support tickets.

Quick Diagnosis

Match your symptom to the right fix before spending time on the wrong one:

Fix 1: Click Through for One Site

The fastest path. Chrome’s warning page has a small text link at the bottom right.

1. On the warning page, look for “Advanced” or scroll down to find “Continue to [site name] (unsafe)”.
2. Click it. Chrome loads the HTTP site for this session.
3. The next time you visit that URL, Chrome will warn you again unless you add a permanent exception (covered in Fix 3).

Use this when you recognize the site and trust it: a specific old tool, a local hobbyist page, or an internal app your team knows is safe. Do not click through on unknown sites asking for logins or payments.

Fix 2: Use the IP Address for Local Devices

Router admin panels and some network-attached devices use HTTP on their local IP address. Chrome 147 exempts private IP ranges entirely, but only when you navigate to the IP directly. Typing a hostname that resolves to a local IP can still trigger the check.

1. Find your router’s local IP address. On Windows: open Command Prompt, run ipconfig, look for Default Gateway. On macOS: open Terminal, run netstat -nr | grep default.
2. Common addresses: 192.168.1.1, 192.168.0.1, 10.0.0.1.
3. Type that IP directly into Chrome’s address bar: http://192.168.1.1
4. Chrome skips the HTTPS warning for private network addresses.

Bookmark the IP address for future access. This requires zero setting changes and works permanently.

Fix 3: Disable HTTPS-First Mode Globally

If warnings are appearing on multiple sites and you want Chrome to stop asking entirely:

1. Open Chrome and go to chrome://settings/security
2. Scroll down to the Advanced section.
3. Find “Always use secure connections” and toggle it off.
4. No restart needed. Takes effect immediately on the next navigation.

This restores pre-Chrome 147 behavior. Chrome will still show the padlock indicator for HTTP sites, but it will not block navigation or show a full-page warning.

Consider this setting if you regularly use internal tools, legacy web apps, or HTTP-based developer servers. For general public browsing, leaving the feature on provides real protection on the minority of sites that never added HTTPS.

Fix 4: Corporate Intranet Fix

If your company intranet is now blocked and you cannot disable Chrome settings yourself (managed devices), there are two paths.

Option A — Ask IT to add HTTPS. A self-signed certificate plus adding it to the corporate trust store is a day of IT work, not a project. This also fixes the issue for all employees simultaneously.

Option B — Use Chrome’s managed policy. Chrome supports the HttpsOnlyMode policy that IT can set to allowed (show warning, user can click through) rather than force_enabled. Managed Chrome deployments can also use HttpAllowlist to whitelist specific intranet domains. Your IT team can push these via Group Policy (Windows) or a configuration profile (macOS).

Option C — Navigate by IP address. Same approach as Fix 2. If the intranet server is on a private IP range, navigating by IP bypasses the HTTPS check entirely.

Fix 5: Verify Your Chrome Version

Chrome 147 ships April 7, 2026. The stable channel rolls out gradually over two weeks, so not everyone sees it on day one. If you see the warnings but others on the same network do not, you are likely on a faster-updating channel.

1. Open chrome://settings/help to see your current version.
2. Chrome 147.x.x.x means HTTPS-First is active for your profile if Enhanced Safe Browsing is on.
3. Chrome 154 (October 2026) is the full rollout to all users, regardless of Safe Browsing setting.

There is no supported downgrade path for Chrome stable. Disabling HTTPS-First mode (Fix 3) is the practical alternative to waiting for a version rollback.

Understanding What Changed and Why

Chrome’s HTTPS-First mode is not a bug. It was announced in the Chromium blog and has been in testing since Chrome 94 for manually opted-in users. The April 2026 expansion to Enhanced Safe Browsing users is the first large-scale automatic rollout.

The numbers behind it: 95% of page loads in Chrome already use HTTPS. The 5% that remain on HTTP include old personal sites, legacy internal tools, and some older e-commerce platforms that never migrated. HTTPS-First mode targets the fraction of that 5% that handles sensitive data over plaintext: login forms, checkout pages, admin panels.

For the vast majority of HTTP sites users will encounter (static pages, old documentation, archived content), the risk is theoretical rather than active. Someone on the same network would need to be actively intercepting traffic to exploit an unencrypted connection. The Chrome warning does not distinguish between “static read-only page” and “login form.” It fires on any HTTP URL.

The timeline: Chrome 147 affects Enhanced Safe Browsing users (roughly 1 billion). Chrome 154 in October 2026 is the full rollout to all Chrome users. If you are on a managed enterprise device, your IT policy likely controls whether the feature applies to you at all.

Browser Performance and Security Together

Chrome’s HTTPS-First mode adds a layer of network security. A different layer worth pairing it with is reducing what Chrome loads in the first place. SuperchargePerformance blocks trackers and ad scripts using 186K+ rules from 22 sources before they reach your browser. Many of the scripts that would run on HTTP pages get blocked regardless of whether the connection is encrypted. Free core, no account required, zero telemetry.

If your main concern after reading this is just the warning itself on a specific old site you trust, Fix 1 or Fix 3 handles it in under a minute. The extension is worth considering if you want to reduce overall browser overhead across every site you visit.