cross-posted from: https://lemmy.world/post/3301227

Chrome will be experimenting with defaulting to https:// if the site supports it, even when an http:// link is used and will warn about downloads from insecure sources for “high-risk files” (example given is an exe). They’re also planning on enabling it by default for Incognito Mode and “sites that Chrome knows you typically access over HTTPS”.

  • Spotlight7573@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    If it’s enforced server-side, then there’s still an initial connection that is unsecured and can potentially be intercepted/modified before it gets to the redirect from 80 to 443.