Microsoft is Bringing Automatic HTTPS to Edge

Posted on June 1, 2021 by Paul Thurrott in Microsoft Edge with 8 Comments

Microsoft is bringing Automatic HTTPS capabilities to its Edge browser starting with version 92, which is available now in preview.

“Starting with Microsoft Edge 92, users can preview the Automatic HTTPS feature, which automatically switch[es] your connections to websites from HTTP to HTTPS,” the Microsoft Edge Team writes in a new post. “When sites are loaded over HTTP, attackers can view or change page content in transit, or redirect you to a different location than you had expected. Most websites now support HTTPS, which can help protect against these man-in-the-middle attacks. However, too many of these sites aren’t configured to require HTTPS, leaving open a short window of opportunity for attackers before the site can redirect to the more secure protocol.”

Today, some more technical users install a browser plug-in to force web traffic over the more secure HTTPS, which encrypts traffic. But starting with Edge 92, users of Microsoft’s web browser will no longer need an extension. Given its functionality, I assume this feature will be more positively met than some of the more superfluous additions that Microsoft has made recently to Edge.

If you’re interested in testing Automatic HTTPS in Edge, you can install a Canary of Dev build of the product today. If the feature isn’t automatically available—Microsoft, sadly, is testing it with “select users” right now, so A/B testing—you can enable it manually by navigating to edge://flags/#edge-automatic-https and enabling this feature, rebooting the browser, and then visiting edge://settings/privacy and turning on the option “Automatically switch to more secure connections with Automatic HTTPS”.

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Comments (8)

8 responses to “Microsoft is Bringing Automatic HTTPS to Edge”

  1. earlster

    I've been using 'HTTPS Everywhere' as an extension for a long time now, having this built-in to the browser is great.

  2. anoldamigauser

    I just got version 92 on the Dev channel. Going to Help/About Edge seemed to force the update. The setting was not enabled by default, but it is now.

  3. bettyblue

    Firefox has had this for a while now. It even has a HTTPS "ONLY" which takes to the next level.

  4. matsan

    As a developer I pray to whatever entity out there this will be possible to deactivate. We live with self-signed certificates and non-HTTPS every day of the week. Having to fight the browser is so painful (looking at YOU Chrome that started to demand a valid certificate for .dev a couple of years ago!!)

    • bettyblue

      One of the main reasons I use Firefox. We deal with self signed certs every day on so many internal systems. Firewalls, SAN's, IPAM appliances, etc...etc. A chromium based browser is horrible with this, always having to click through the BS. FF and Safari allow you to do this one time and never again.

      • matsan

        True. We run our own CA and have to get the OS to trust that CA to keep the Chromium-based browsers happy. Good in one way if all would use the same trust-settings but a hassle. The exception with ".dev" is pretty annoying since we started using that domain about 10 years ago and it is hard to back out of with all the servers and build scripts.

  5. brettscoast

    Another useful update to Edge which I am using as primary browser now, I find it somehow less intrusive than Chrome.

  6. harmjr

    Thought this was already a thing.