Open Bug 902338 Opened 6 years ago Updated 2 years ago

Location bar: When both the HTTP and HTTPS version of a page have been visited, default to HTTPS


(Firefox :: Address Bar, defect, P3)

24 Branch




(Reporter: 326374, Unassigned)



(Keywords: sec-want)

Nowadays more websites provide both an HTTP and an HTTPS version of their website. When I have visited both, and both work (no timeout errors, invalid certificate etc.), Firefox should default to the HTTPS version.

Steps to reproduce:
0. Clear history and bookmarks (or start with a new profile)
1. Go to
2. Go to
3. Enter '' in the location bar and hit enter

Actual results:
The HTTP version of the site

Expected results:
The HTTPS version of the site

Note: It doesn't matter which version you visit first.
I think it's by design since FF24, see bug 769994.
Flags: needinfo?(mak77)
Alright. So what I was looking for in this bug was basically Tanvi's 'Proposal 1' [1], which requires marking pages in the history with an error flag.

I filed another proposal in bug 902582, which shouldn't require any changes to the history database, but still improves the situation.
As filed, we cannot implement this, for the same reason we stopped doing that in FF24
I don't understand bug 902582, it should already happen, but we don't autocompete if you also type the trailing "/".
Regardless, while on the paper it's easy to think of better and complex algorithms to achieve the wanted results, practically it's very hard to implement them to be responsive enough while the user is typing. Basically anything over simple queries will be too much slow.
Flags: needinfo?(mak77)
I tried to explain bug 902582 further - in that bug.

My intention with keeping this bug open was that any work on a more complex algorithm (such as Tanvi's 'Proposal 1') could happen here. If that's unlikely to happen any time soon, please feel free to close this bug.
Ever confirmed: true
Keywords: sec-want
Using Firefox 50.0.2, I have accessed both URLs
- and 
So both URLs are stored in my browser's history.

When I start entering "192" into the location bar, the http version of the URL is suggested first " - Visit". So entering "192" and pressing return sends me to the http URL.

I abhor this behavior. I don't like it at all. I believe that the https version of the URL should be preferred, always. 

I know that somehow this behavior is purportedly "by design", as indicated in comment #1. This comment points to bug 769994, however, bug 769994 has attracted quite a lot of comments and I admit that I've only read the top comments. Frankly, I don't understand why this behavior has to be the way it is.

Anyway, times have changed. A lot of web servers today offer secure access and I believe autocomplete ("visit" entry, first suggestion) should always prefer the secure version of the same domain by design.
See Also: → 1341350
See Also: → 1426934
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.