Web browsers have been pushing to replace insecure HTTP sites with HTTPS for years, but there are still plenty of insecure pages and links out there. Chrome is now starting to experiment with modifying page links to improve security.
HTTPS adds a layer of encryption between your device (and web browser) and whatever site you’re visiting, ensuring that no one can modify the content along the way. Although most websites support HTTPS to some degree, some of them do not automatically redirect HTTP requests to HTTPS, or have links to other pages that have never been updated to use HTTPS. Google is now trying to address this with a new Chrome experiment, called “HTTPS Updates.”
The Google Chrome team has announced an “intention to experiment” with automatically updating all HTTP links to HTTPS. Typing or pasting an HTTP link in the address bar will also update the request to HTTPS. If the update request fails, for example if the site was never configured to support HTTPS, there is a “fast fallback” to HTTP.
Over the years, there have been a few browser extensions that achieve a similar effect, such as HTTPS Everywhere from the Electronic Frontier Foundation. Google Chrome has already used HTTPS by default for websites entered in the address bar, but hasn’t experimented with modifying links so far. It’s another step towards an HTTPS-only future, without breaking old sites.
Source: Google Groups, GitHub