Web browsers have been pushing to replace insecure HTTP sites with HTTPS for years, but there are still plenty of insecure pages and links. Chrome is now starting to experiment with modifying page links to improve security.
HTTPS adds a layer of encryption between your device (and web browser) and whatever site you are visiting, ensuring that no one can modify the contents along the way. Even though most websites support HTTPS to some extent, some of them don’t automatically redirect HTTP requests to HTTPS, or have links to other pages that were never updated to use HTTPS. Google is now trying to address this with a new Chrome experiment, called “HTTPS Upgrades.”
The Google Chrome team has announced an “intent to experiment” with automatically upgrading all HTTP links to HTTPS. Typing in or pasting an HTTP link in the address bar will also upgrade the request to HTTPS. If the upgraded request fails — for example, if the site has never been configured to support HTTPS at all — there’s a “fast fallback” to HTTP.
There have been some browser extensions over the years that achieve a similar effect, such as HTTPS Everywhere from the Electronic Frontier Foundation. Google Chrome has already used HTTPS by default for websites entered in the address bar, but it hasn’t experimented with modifying links before now. It’s another step towards an HTTPS-only future, without breaking old sites.