Google Will Launch HTTPS First Approach With URLs From Chrome 90

After advocating for years for the HTTPS adaptation, Google has now taken another step. In future Chrome releases, Google will launch the HTTPS First approach by default. This will compel the websites to adopt HTTPS by redirecting HTTP traffic.

Chrome HTTPS First With Incomplete URLs

Reportedly, Google has planned to roll out HTTPS First approach while handling incomplete URLs in upcoming Chrome releases.

In simple words, when a user types in a URL in the browser address bar, the browser (Google Chrome in this case), guesses the URL to facilitate the user. This URL can either have an ‘HTTP://’ or an ‘HTTPS://’ prefix – whichever matches the user query. For sites having HTTPS by default, the typed query automatically redirects to the HTTPS link. But, if the site has an HTTP link as well, then the incomplete query will link to the HTTP URL unless the user explicitly types HTTPS before the link.

However, with future Chrome releases, the browser will have the HTTPS First approach as the default. It means that the browser will always attempt to connect to the HTTPS link in response to an incomplete URL query.

Feature To Be Available With Chrome 90

The news surfaced online when Emily Stark, security engineer for Google Chrome, shared about it in a tweet.

As disclosed, the new feature is currently available in Chrome Canary. Users can get their hands on it by enabling chrome://flags/#omnibox-default-typed-navigations-to-https.

Whereas, for those who wish to wait for a stable release, it will appear in Chrome 90. Google has scheduled this release for April 2021.

Explaining further, Stark highlighted that this feature isn’t a replacement for the “HTTPS Everywhere” extension. For now, Chrome will fall back to HTTP if HTTPS isn’t available.

Yet, HTTPS Everywhere users may find Mozilla Firefox a better option (at least until Chrome brings more improvements.) Firefox has already adopted an HTTPS-Only approach since Firefox 83.

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers