When version 90 of Google's Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection in the event the user has failed to specify a preferred URI scheme.
Lack of security is currently the norm in Chrome. As Google Chrome software engineers Shweta Panditrao and Mustafa Emre Acer explain in a blog post, when a user types "www.example.com" into Chrome's omnibox, without either an "http://" or "https:// prefix," Chrome chooses "http://." The same is true in other browsers like Brave, Edge, Mozilla, and Safari.
This made sense in the past when most websites had not implemented support for HTTPS. It was only in 2018 that the majority of websites redirected traffic to HTTPS. But these days, most of the web pages loaded rely on secure transport (ranging from about 98 per cent on Chrome to about 77 per cent on Linux). And among the top 100 websites, 97 of them currently default to HTTPS.
Google fails to neutralize lawsuit that complains Chrome's incognito mode isn't very private at all
Previously, only websites that declared they should be loaded securely with an entry on an HTTP Strict Transport Security (HSTS) preload list – supported in multiple browsers – got HTTPS auto ..