Seeing the “NET::ERR_CLEARTEXT_NOT_PERMITTED” error in Chrome? This indicates that the site you are trying to visit is using HTTP instead of HTTPS, and Chrome is blocking access to insecure HTTP content.
But don’t worry, cause we’ve got you covered. In this guide, we’ll explain what causes this error and the various ways you can resolve it. So stick with us till the end to get rid of this nasty error
Understanding HTTPS vs HTTP
To understand this error, you first need to know the difference between HTTP and HTTPS:
- HTTP is unsecured while HTTPS uses SSL encryption.
- HTTPS connections are considered safe and private.
- HTTP has no protections against snooping or tampering.
- Chrome is deprecating HTTP due to privacy and security flaws.
So in general, all sites should be switching to HTTPS if possible.
What Causes the NET::ERR_CLEARTEXT_NOT_PERMITTED Error?
This error occurs when a website is loaded over plain HTTP instead of encrypted HTTPS. Modern browsers like Chrome are increasingly blocking access to insecure HTTP sites to protect users.
Some common reasons you may encounter this error include:
- The site does not support HTTPS at all.
- The site has an HTTPS version but you accessed it via HTTP.
- You clicked an HTTP link instead of HTTPS.
- There are insecure resources loaded on an HTTPS page.
Basically, any HTTP request blocked by Chrome will show this error, encouraging the use of secure HTTPS connections.
How to Fix NET::ERR_CLEARTEXT_NOT_PERMITTED
Here are some effective ways you can potentially resolve or bypass the NET::ERR_CLEARTEXT_NOT_PERMITTED error:
Access the Site via HTTPS
Try entering the site’s URL using HTTPS instead of standard HTTP to load the secure version if available. For example, instead of http://www.example.com, enter https://www.example.com to enforce HTTPS. Check if the site has HTTPS enabled on their end that you can leverage.
Click HTTPS Links
When navigating within a site, carefully click on HTTPS hyperlinks instead of HTTP ones if the site has both versions available. For sites with mixed content, always choose HTTPS links to avoid Chrome’s HTTP blocking. Check for the padlock icon on secure links.
Allow HTTP in Chrome
You can optionally disable Chrome’s HTTPS-only mode via the site settings or flags to re-enable access to HTTP URLs. However, this will lower your security when visiting plain text sites. Only use this method for trusted sites and remember to re-enable it after.
Use Incognito/Private Browsing
Launching Chrome in incognito or private browsing mode will avoid the HTTP blocking error since security restrictions are relaxed. This works as a temporary workaround to access HTTP sites you trust. Exit incognito when done for full security.
Use Another Browser
Consider accessing the problematic site in Firefox or another browser that still fully supports unsecured HTTP addresses. Chrome-based browsers may block HTTP as well, so check browser requirements. Only use browsers with plain HTTP access as a temporary measure.
When to Allow HTTP in Chrome
There are some cases when it may make sense to bypass Chrome’s HTTP blocking:
- If you own the site and are certain it contains no sensitive info.
- To temporarily access a site you trust that hasn’t implemented HTTPS.
- For localized network devices that only work over HTTP.
- When testing sites under development that don’t have valid SSL certificates.
Otherwise, it’s best just to avoid plain HTTP sites when possible.
How Sites Can Migrate to HTTPS
For website owners who want to switch to HTTPS to resolve this error for visitors, here are a few options:
- Get an SSL certificate and set up HTTP to HTTPS redirects.
- Change hardcoded HTTP links to protocol-relative or HTTPS.
- Update server configs and code to use HTTPS by default.
- Implement HSTS to always redirect HTTP to HTTPS.
- Remove insecure resources like third-party HTTP embeds.
- Test rigorously and switch the site to HTTPS fully.
Conclusion
The NET::ERR_CLEARTEXT_NOT_PERMITTED error may temporarily block access to sites, but it’s for good reason – to increase web security. While frustrating, this error highlights the insecure sites still using plain HTTP that need to migrate to encrypted HTTPS connections.
As Chrome continues its plan to deprecate unsecured HTTP in favor of HTTPS, site owners should proactively transition to avoid issues for users.
There are short-term fixes like allowing HTTP or using incognito browsing, but the long-term solution is the full adoption of HTTPS across the web. Though it requires some effort, switching sites to HTTPS ensures the privacy, integrity, and safety of web traffic.
With an understanding of Chrome’s intent behind this error, users and developers can work together to fix these warnings and create a web that’s secure by default.
