Microsoft Edge will automatically redirect users to a secure HTTPS connection when visiting websites using the HTTP protocol, starting with version 92, coming in late July.
By default, this new option will allow Edge users to switch from HTTP to HTTPS on websites that are likely to support the more secure protocol.
However, users will also be able to configure the browser to upgrade all connections to HTTPS (Hypertext Transfer Protocol Secure) as the default internet communication protocol for all domains.
“Starting with Microsoft Edge version 92, users will have the option to upgrade navigations from HTTP to HTTPS on domains likely to support this more secure protocol,” Microsoft said. “This support can also be configured to attempt delivery over HTTPS for all domains.”
Blocks MITM attacks and web traffic tampering
This change will further secure Edge users’ web traffic against man-in-the-middle (MITM) attack attempts to snoop on data exchanged over unencrypted HTTP connections.
Given that data sent and received via HTTP connections is not encrypted, malicious programs running on one’s computer can easily monitor all the information sent over it, including passwords, credit card info, and various other sensitive info.
Ensuring that you’re always using HTTPS while browsing the Internet helps secure your data while in transit by encrypting the connection between the sites you’re visiting and the web browser.
HTTPS also makes sure that threat actors trying to snoop on your web traffic will not be able to alter any of the data exchanged with Internet sites without being detected.
Other browsers also allow enabling HTTPS on all sites
This move is part of a greater effort where browser vendors defend users from attackers attempting to intercept their unencrypted traffic by making it easier to browse the entire web over HTTPS.
For instance, starting with version 90 released earlier this month, Google Chrome defaults to HTTPS for any URLs typed in the address bar if there’s no protocol specified.
With the release of Firefox 83, Mozilla also added an HTTPS-Only Mode that secures web browsing by automatically rewriting URLs to use the HTTPS protocol (while disabled by default, it can be enabled from the browser’s settings).
Until Microsoft Edge adds the Automatic HTTPS option, users can enable HTTPS for all sites with the help of the HTTPS Everywhere extension available on Microsoft’s Edge Add-ons store.
Source: https://www.bleepingcomputer.com/news/security/microsoft-edge-to-add-automatic-https-option-for-all-domains/