Chrome will soon try HTTPS first when you enter an incomplete URL

Google engineers have been among the most fervent promoters of browser security features in recent years and, along with the teams behind Firefox and Tor browsers, have often been responsible for many of the changes that have shaped browsers. in what they are today.

For pioneering features like site isolation and the behind-the-scenes CA / B forum work to improve the state of TLS certificate activity, we all owe the Chrome team a great deal of gratitude.

But one of the biggest areas of interest for Chrome engineers over the past few years has been to push and promote the use of HTTPS, both in their browser, but also among website owners.

As part of these efforts, Chrome now attempts to upgrade sites from HTTP to HTTPS when HTTPS is available.

Chrome also alerts users when they are about to enter passwords or payment card data on insecure HTTP pages, where they could be sent over a network in plain text.

And Chrome also blocks downloads from HTTP sources if the page’s URL is HTTPS, to prevent users from tricking their download as secure, but actually not.

Changes to Chrome Omnibox coming in v90

But even though about 82% of all websites operate over HTTPS, these efforts are far from over. The latest of these HTTPS changes will arrive in Chrome 90, which is slated for release in mid-April of this year.

The change will impact the Omnibox Chrome, the name Google uses to describe the Chrome address bar (URL).

In current versions, when users type a link into the Omnibox, Chrome loads the entered link regardless of the protocol. But if users forget to type the protocol, Chrome will add “http: //” before the text and try to load the domain via HTTP.

For example, if you type something like “domain.com” in current Chrome installations, you load “http://domain.com”.

That will change in Chrome 90, according to Chrome security engineer Emily Stark. From version 90, the Omnibox will load all domains where the domain has been left out via HTTPS, with a prefix “https: //” instead.

“Currently, it is planned to run on an experimental basis for a small percentage of Chrome 89 users and fully launch in Chrome 90, if all goes according to plan,” Stark explained on Twitter this week.

Users who want to test the new mechanism can already do so in Chrome Canary. They can look at the following Chrome indicator and activate the feature:

chrome: // flags / # omnibox-default-typed-navigations-to-https