cross-posted from: https://lemmy.world/post/3301227

Chrome will be experimenting with defaulting to https:// if the site supports it, even when an http:// link is used, and will warn about downloads from insecure sources for “high-risk files” (example given is an exe). They’re also planning on enabling it by default for Incognito Mode and “sites that Chrome knows you typically access over HTTPS”.

  • @Spotlight7573OP
    21 year ago

    If it’s enforced server-side, then there’s still an initial connection that is unsecured and can potentially be intercepted/modified before it gets to the redirect from 80 to 443.
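
The first-hop exposure described in the comment above, as an added example that is not part of the original thread: a loopback server stands in for a port-80 listener that only redirects to HTTPS, and records what reached it unencrypted before the redirect was sent. The host `example.test`, the path and the cookie value are constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

seen_in_cleartext = []  # what an on-path observer of the first hop could read


class RedirectToHttps(BaseHTTPRequestHandler):
    """Stands in for a port-80 listener that only redirects to HTTPS."""

    def do_GET(self):
        # The full request line and headers arrived unencrypted.
        seen_in_cleartext.append({
            "path": self.path,
            "host": self.headers.get("Host"),
            "cookie": self.headers.get("Cookie"),
        })
        self.send_response(301)
        # example.test is a constructed host name, not a real site.
        self.send_header("Location", "https://example.test" + self.path)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def first_hop_exposure(path, cookie):
    """Send one plain-HTTP request; return (status, location, observed)."""
    seen_in_cleartext.clear()
    server = HTTPServer(("127.0.0.1", 0), RedirectToHttps)  # loopback, ephemeral port
    thread = threading.Thread(target=server.handle_request)  # serve exactly one request
    thread.start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    conn.request("GET", path, headers={"Host": "example.test", "Cookie": cookie})
    resp = conn.getresponse()
    resp.read()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    thread.join()
    server.server_close()
    return status, location, seen_in_cleartext[0]


if __name__ == "__main__":
    # Constructed sample request: path and cookie are made-up values.
    print(first_hop_exposure("/account?tab=billing", "session=constructed-value"))
```

When the browser upgrades the URL to https:// itself, this plaintext request is never sent, so there is nothing on the first hop to read or rewrite.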