Microsoft will add an HTTP-to-HTTPS mode in Edge
Microsoft announced this week plans to add a feature called "Automatic HTTPS" to its Edge browser, a feature that will automatically switch the user's connection from HTTP to HTTPS.
In testing for the past month, Automatic HTTPS will ship with Edge 92, set to be released next month.
Currently, users can test the feature in Edge 92 Dev and Canary builds.
How Automatic HTTPS works
According to Microsoft, the feature primary's role is to analyze an URL the user is trying to access and automatically work under the browser's hood to upgrade the link from a plaintext HTTP connection to a more secure HTTPS alternative.
The feature is similar to what Mozilla implemented in Firefox 83 with its HTTPS-Only Mode.
However, while Firefox upgrades all HTTP connections to HTTPS, Microsoft has taken a different approach in Edge, which will use an internal list of websites that are known or are likely to support HTTPS connections.
The reason is to avoid causing HTTPS load errors to end-users and blocking their access to older sites—and indirectly causing the user to think the website might be offline. According to Microsoft, if sites are not on the list, Edge will just load it via HTTP, as it did before.
How to enable Automatic HTTPS
Edge users who'd like to enable Automatic HTTPS when the feature goes live with Edge v92's launch will have to visit the edge://settings/privacy and toggle the appropriate setting.
Microsoft's move to add the feature not only comes after Mozilla's similar HTTP-Only Mode effort in Firefox but also after Google took similar steps in previous years by:
- making HTTPS the default protocol in its address/search bar [see announcement here]
- auto-updating mixed content from HTTP to HTTPS [see announcement here]
- blocking HTTP downloads initiated from seemingly secure HTTPS pages [see announcement here]
Currently, around 82.2% of all internet sites support HTTPS connections. Browser makers such as Chrome and Mozilla previously reported that HTTPS traffic usually accounts from 90% to 95% of their daily user traffic.
In a report last month analyzing the rollout of its HTTP-Only Mode, Mozilla said Firefox upgraded HTTP traffic to HTTPS only for 3.5% of web pages, as 92.8% were loading via HTTPS connections already.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.