Microsoft Adds Automatic HTTPS in Edge for Secure Browsing

Microsoft Edge now can automatically switch users to a secure HTTPS connection when visiting websites over HTTP after enabling Automatic HTTPS.

This new feature is in preview in the Canary and Developer preview channels and is rolling out to select users of Microsoft Edge 92.

The announcement made today by the Microsoft Edge Team comes after the company added the feature to the Microsoft 365 roadmap in April, with an estimated release in July.

“Automatic HTTPS switches your connections to websites from HTTP to HTTPS on sites that are highly likely to support the more secure protocol,” Microsoft said today.

“The list of HTTPS-capable websites is based on Microsoft’s analysis of the web, and helps enable a more secure connection on hundreds of thousands of top domains.”

Also Read: What You Should Know About the Data Protection Obligation Singapore

Blocks MITM attacks, web traffic tampering

The automatic switch to an HTTPS connection will protect Edge users from man-in-the-middle (MITM) attacks attempting to snoop on data exchanged with websites over unencrypted HTTP connections.

Data sent and received over HTTP (including passwords, credit card info, and various other sensitive info) can also be harvested by malicious programs running on a compromised computer.

Ensuring that you’re always using HTTPS when browsing the web helps secure your data while in transit by encrypting the connection to the sites’ servers.

HTTPS also makes sure that threat actors trying to intercept your web traffic will not be able to alter the data exchanged with Internet sites without being detected.

How to test it right now

If you want to test it right now, you have to open edge://settings/privacy and turn on “Automatically switch to more secure connections with Automatic HTTPS.”

If the experiment hasn’t reached you yet, you can enable it by going to edge://flags/#edge-automatic-https, toggling on the ‘Automatic HTTPS’ experimental flag, and restarting the browser.

The HTTPS upgrades will be automatic with no alerts to allow you to browse the web just as you usually do, but over a secure connection wherever possible.

While, by default, Automatic HTTPS will only switch to HTTPS on sites likely to support this secure protocol, you can also choose to have all connections switched, which will likely lead to connection errors if the website is missing HTTPS support.

Also Read: The Difference Between GDPR and PDPA Under 10 Key Issues

Microsoft is not the first major web browser vendor to add an option to enable HTTPS on all websites automatically.

For instance, Google Chrome defaults to HTTPS for URLs typed in the address bar if no protocol is specified.

Mozilla has also added an HTTPS-Only Mode designed to secures web browsing by rewriting URLs to use the HTTPS protocol (even though disabled by default, it can be enabled from the browser’s settings).