I was surprised when I noticed that Brave did not upgrade a request to https, even though the site supports https – the site also doesn’t redirect to https as it should, but that’s not the point.
So I looked around and found this explanation:
Does that mean that upgrade to https only works for domains included in that list of “this can use https” (from https://www.https-rulesets.org/ I guess), as opposed to trying https first and only falling back to http if it could not connect, for unknown sites not in the list?
If so:
For curiosity, what is the technical reason for only using the list instead of trying https and falling back – or optionally blocking – with the list still providing rewrite rules for sites that need them and exclusions for pages that would break?
I have looked at the https everywhere project, and it explains things in much detail, except this.
Can users set a site to always use https by themselves? If not, consider it a feature request.
Could a “block all unencrypted requests” option be provided?
Is it possible to set shields options for a site before ever accessing the site – other than setting “global shields defaults”? If not, consider it a feature request.
Last one, is there a way to set some site to always open in private or private+tor – ideally, blocking and warning about connections to them coming from other pages?
Example: if I set example.com as “always open in private”, bookmarks, links and typed urls would open in a private window automatically, and some another.com requesting resources from example.com would have those requests blocked unless already in private window.
I see there has been some related discussion long ago in GitHub issue #910.