Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't think HTTPS is the default automatically. When I create a new Chrome profile, then type example.com into the url bar and hit enter, I go to http://example.com . Then when I type https://example.com twice (each time hitting enter) then type example.com and hit enter, I go to https://example.com . So I think it might be whichever is more common in your history.

Firefox behaves very similarly, except I don't have to visit https://example.com twice before it becomes the default, I just have to visit it once.



This could also happen because of an extension like HTTPS Everywhere, which requests the https by default when both are available.


HTTPS Everywhere uses built-in rules, not heuristics, to determine when to rewrite an HTTP request to HTTPS. There does not appear to be a rule for example.com, so HTTPS Everywhere does not cause a rewrite.


It also sends the "Upgrade-Insecure-Request" header, which can cause that switch to take place.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: