After advocating for years for the HTTPS adaptation, Google has now taken another step. In future Chrome releases, Google will launch the HTTPS First approach by default. This will compel the websites to adopt HTTPS by redirecting HTTP traffic.
Chrome HTTPS First With Incomplete URLs
Reportedly, Google has planned to roll out HTTPS First approach while handling incomplete URLs in upcoming Chrome releases.
In simple words, when a user types in a URL in the browser address bar, the browser (Google Chrome in this case), guesses the URL to facilitate the user. This URL can either have an ‘HTTP://’ or an ‘HTTPS://’ prefix – whichever matches the user query. For sites having HTTPS by default, the typed query automatically redirects to the HTTPS link. But, if the site has an HTTP link as well, then the incomplete query will link to the HTTP URL unless the user explicitly types HTTPS before the link.
However, with future Chrome releases, the browser will have the HTTPS First approach as the default. It means that the browser will always attempt to connect to the HTTPS link in response to an incomplete URL query.
Feature To Be Available With Chrome 90
The news surfaced online when Emily Stark, security engineer for Google Chrome, shared about it in a tweet.
if you’re running Chrome Canary, Dev, or Beta and you want some more https in your life, go to chrome://flags and search for + enable “#omnibox-default-typed-navigations-to-https”. Chrome will now send schemeless hostnames over https:// instead of http:// by default😎
— Emily Stark (@estark37) February 25, 2021
As disclosed, the new feature is currently available in Chrome Canary. Users can get their hands on it by enabling chrome://flags/#omnibox-default-typed-navigations-to-https.
Whereas, for those who wish to wait for a stable release, it will appear in Chrome 90. Google has scheduled this release for April 2021.
Explaining further, Stark highlighted that this feature isn’t a replacement for the “HTTPS Everywhere” extension. For now, Chrome will fall back to HTTP if HTTPS isn’t available.
Yet, HTTPS Everywhere users may find Mozilla Firefox a better option (at least until Chrome brings more improvements.) Firefox has already adopted an HTTPS-Only approach since Firefox 83.