From theregister.com
When version 90 of Google’s Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection in the event the user has failed to specify a preferred URI scheme.
Lack of security is currently the norm in Chrome. As Google Chrome software engineers Shweta Panditrao and Mustafa Emre Acer explain in a blog post, when a user types “www.example.com” into Chrome’s omnibox, without either an “http://” or “https:// prefix,” Chrome chooses “http://.” The same is true in other browsers like Brave, Edge, Mozilla, and Safari.