I was surprised when I noticed that Brave did not upgrade a request to https, even though the site supports https – the site also doesn’t redirect to https as it should, but that’s not the point.
So I looked around and found this explanation:
Does that mean that upgrade to https only works for domains included in that list of “this can use https” (from https://www.https-rulesets.org/ I guess), as opposed to trying https first and only falling back to http if it could not connect, for unknown sites not in the list?
For curiosity, what is the technical reason for only using the list instead of trying https and falling back – or optionally blocking – with the list still providing rewrite rules for sites that need them and exclusions for pages that would break?
I have looked at the https everywhere project, and it explains things in much detail, except this.
Can users set a site to always use https by themselves? If not, consider it a feature request.
Could a “block all unencrypted requests” option be provided?
Is it possible to set shields options for a site before ever accessing the site – other than setting “global shields defaults”? If not, consider it a feature request.
Last one, is there a way to set some site to always open in private or private+tor – ideally, blocking and warning about connections to them coming from other pages?
Example: if I set
example.com as “always open in private”, bookmarks, links and typed urls would open in a private window automatically, and some
another.com requesting resources from
example.com would have those requests blocked unless already in private window.
I see there has been some related discussion long ago in GitHub issue #910.