Brave Won’t Connect to Unsecure Internal Sites? Fix It

December 1, 2025

Jonathan Dough

The Brave browser is well-known among internet users for its privacy-oriented features, built-in ad blocker, and overall speed. However, users trying to access internal websites or legacy intranet resources over HTTP instead of HTTPS often find themselves blocked, met with errors, or redirected without success. This issue can become frustrating, especially in work environments where quick access to local network resources is critical.

TL;DR (Too Long; Didn’t Read)

If Brave isn’t allowing access to unsecure internal sites, it’s likely due to its strict privacy and HTTPS enforcement settings. The browser tries to upgrade insecure HTTP connections to HTTPS, which doesn’t work well with legacy or local intranet systems. Disabling the “HTTPS Everywhere” feature or allowing specific sites through custom settings can resolve the issue. Advanced users may also manage these settings via Brave’s internal configuration pages or command-line flags.

Why Brave Blocks Certain Insecure Connections

Brave aims to make browsing safer by automatically upgrading websites from HTTP to HTTPS. This feature, while generally beneficial, can cause complications when the user is trying to access legacy internal systems or web applications hosted locally without SSL encryption.

Examples of such systems include:

  • Printers or router configuration pages (e.g., http://192.168.0.1)
  • Internally hosted documentation sites
  • Network-attached storage (NAS) dashboards
  • Developer environments like localhost with non-secure ports

By default, Brave will try to force these connections to HTTPS, and when that fails (which it inevitably will unless there’s a valid certificate), it throws a warning or blocks the connection altogether.

Step-by-Step Fixes for Accessing Unsecure Internal Sites

Fortunately, users can apply several workarounds to bypass Brave’s security enforcement for trusted internal resources. Below are a series of solutions from most common to more technical approaches.

1. Disable HTTPS Upgrades for Specific Sites

Brave includes an option to disable HTTPS upgrades, which can be applied selectively:

  1. Open Brave and go to Settings > Privacy and Security > Security.
  2. Under the “Advanced” section, find the toggle for “Always use secure connections” and disable it.
  3. Alternatively, keep the setting on, but when visiting an internal HTTP site, click the lock icon in the address bar and allow the connection manually.

This should allow occasional exceptions without undermining the browser’s overall security policy.

2. Use the Brave Shields Feature

Brave Shields is another layer that blocks trackers and upgrades insecure items. While it’s a great privacy tool, it can interfere with internal resources.

To adjust Shields per site:

  1. Visit the internal site that’s causing an issue.
  2. Click the Brave logo (Shields icon) to the right of the address bar.
  3. Toggle off “Upgrade connections to HTTPS” for that specific domain.

This creates a per-site exception while keeping the rest of Brave’s security profile intact.

3. Access Internal IPs or Hostnames Directly

In some cases, Brave’s default behavior depends on domain vs IP structure. For example, internal IPs might receive different treatment from `.local` domains.

Try accessing using:

  • http://192.168.1.100 — Numeric IP address
  • http://device.local — Hostname format

If neither approach works, fall back to adding an exclusion or relax the global HTTPS policy temporarily.

4. Use Command-Line Flags (Advanced Users)

If the workaround needs to be applied systematically, launching Brave with additional command-line arguments can help:

brave --ignore-certificate-errors --allow-insecure-localhost

Keep in mind this disables SSL/TLS verification and should be used only when accessing trusted internal resources—not for general browsing.

5. Relax Chrome-Based Settings via Brave’s Internal Pages

Brave is built on Chromium, which means settings like HSTS and security policies are managed similarly to Chrome.

For clearing cached HSTS settings:

  1. Navigate to brave://net-internals/#hsts.
  2. Under “Delete domain security policies”, type in your internal hostname and click “Delete”.

This resets HTTPS upgrade attempts for that specific hostname and may resolve persistent redirection loops.

Extra Tips and Best Practices

Fixing these issues is only half the battle—maintaining security and usability is the full picture. Here are a few ongoing strategies:

  • Use Bookmarks: Bookmark working HTTP addresses for frequent use to avoid repeatedly typing them in.
  • Set Exceptions Centrally: If you administer an enterprise environment, consider using Brave policies or config files to apply the fix across all machines.
  • Install Self-Signed Certificates: If you have admin rights over internal sites, setting up local SSL certificates—even self-signed—can improve compatibility across all browsers, including Brave.

When to Switch to a Different Browser Temporarily

For critical tasks where Brave constantly blocks access, it may be more efficient to open those links in a browser less aggressive about HTTPS enforcement. Browsers like Firefox or Chrome (with modified settings) might provide the needed flexibility for local site debugging and intranet browsing.

Conclusion

Brave’s emphasis on browsing safety and privacy should be applauded, but it can introduce roadblocks in specialized environments where insecure local connections are still the norm. Understanding how to configure and troubleshoot Brave’s security features allows users to maintain both access and safety based on their unique use cases. Whether you’re a system admin troubleshooting network tools or a developer managing localhost services, these solutions will help tailor Brave to your internal workflow.

Frequently Asked Questions (FAQ)

Why does Brave block my internal HTTP sites?
Brave automatically upgrades HTTP connections to HTTPS to improve privacy, which can break access to internal sites without proper SSL certificates.
Is it safe to disable HTTPS upgrades?
Yes, if done selectively for trusted internal resources. Avoid turning off secure connections for general web browsing.
Can I whitelist specific internal IPs in Brave?
While Brave doesn’t use a traditional whitelist UI, you can disable HTTPS upgrade via Shields per domain basis or bookmark HTTP versions externally.
Does turning off “Always use secure connections” make Brave unsafe?
Disabling the feature decreases automatic protection but does not inherently compromise security, especially if you’re cautious with external websites.
What if I’m using localhost for development purposes?
Add flags like --allow-insecure-localhost when launching Brave, or use Shields to disable HTTPS upgrades for localhost only.

Also read:

About us

WebFactory Ltd specializes in creating premium WordPress plugins and has been maintaining dozens of plugins for over a decade. Every plugin is developed with a strong focus on simplicity and ease-of-use. Qualities recognized by over a million customers who use our plugins daily.

More info

Other great plugins

© WebFactory Ltd 2024 - 2026. All rights reserved
The WordPress® trademark is the intellectual property of the WordPress Foundation. Uses of the WordPress name in this website are for identification purposes only and do not imply an endorsement by WordPress Foundation. WebFactory Ltd is not endorsed or owned by, or affiliated with, the WordPress Foundation.