In the wake of Sniffly, it seems pretty reasonable to prevent folks from locking themselves into insecurity. To that end, Insecure schemes in source expressions now match their secure variants. That is, `http:` is equivalent to `http: https:`, and `` to ``.


Specification link

Specification being incubated in a Community Group

Status in Chromium


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Shipped/Shipping
  • No signal
  • No signals


Last updated on 2020-11-09