If I delete all youtube.com URLs from my history except for https://www.youtube.com/ (note, http_s_), then when I enter "you" and it suggests "youtube.com" as the autocomplete it should load the stored https URL. Currently we load http://www.youtube.com/ (note, just http) and ignore the https URL from the history.

[Tracking Requested - why for this release]: We're supposed to be the browser that champions privacy, and this bug is a case where we're not doing that at all. We should fix this as soon as we can.

It should be enough that you type just once the https version and we should always suggest that. We only suggest typed entries. We tried to enforce https when it was known to history, but we got a lot of complains from users and server admins cause we can't differentiate pages for which https and http point to the same contents from the other ones. So we had to revert that change and we implemented the typed-only solution. See bug 769994 for more details and large number of comments. Btw, why is this tracking-firefox34? it doesn't sound like a regression so I don't see why should be tracked for a very specific version.

I'm untracking for 34. I would be happy to see us figure out a way to solve this but we don't need this specifically in 34.

I have the following suggestion that ties into the original bug: For both enhancements, I would require that we have more than one known-URL (cache entry? history entry?) for HTTPS. This should help ruling out redirects and websites that have just a place-holder or only their login form on HTTPS (a common example is https://forbes.com) - Can we increase the frecency-score for https names in general (assuming we know they do HTTPS)? - If I type in a term and blindly press enter, can we prefer https over http (as above, assuming known working https previously)? Do you think this is doable, Marco?

(In reply to Frederik Braun [:freddyb] from comment #4) > For both enhancements, I would require that we have more than one known-URL > (cache entry? history entry?) for HTTPS. This should help ruling out > redirects and websites that have just a place-holder or only their login > form on HTTPS (a common example is https://forbes.com) finding the right threshold is hard, very hard. how much is more then one, is 2 enough, 10? we are very much guessing here. > - Can we increase the frecency-score for https names in general (assuming we > know they do HTTPS)? We could, but we should be sure the https is effectively safe and not just a way to get higher scores. And we don't have that information at the moment. > - If I type in a term and blindly press enter, can we prefer https over http > (as above, assuming known working https previously)? if you type a term and press enter, we search for the term in the current engine... If instead we'd autofill, all of the above discussions would apply. We would like to, but we don't have a good solution that would satisfy most users.