
Mozilla now offers a UI in Privacy and Security settings of Firefox browser for users to enable HTTPs-only mode in normal or private browsing mode. The feature is disabled by default in Nightly.
What is HTTPS-only Mode?
Firefox’s HTTPS-only mode upgrades all insecure connections to HTTPS in the browser.
For instance, if you visit an HTTP site, all HTTP requests will be automatically changed to HTTPS.
Firefox tries to upgrade subresources of a site such as images scripts and CSS files to HTTPS, if Firefox fails to load a site, it shows an error and suggests to go back.
You can navigate to the website by clicking the “Accept the Risk and continue” button.
Here is the text in the error message:
“Fire
fox detected a potential security issue”.
“You’re browsing in HTTPS-Only Mode, and a secure HTTPS version of .. website is not available”.
What could be causing this?
- Most likely, the website simply does not support HTTPS.
- It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details.
Firefox’s new security feature may make HTTPS Everywhere add-on redundant when Mozilla makes it part of the browser. The extension changes HTTP sites to HTTPS sites.
The HTT
PS-only mode was introduced behind a pref in about:config in Firefox76. It is still an experimental feature and some websites may not load in Firefox when enabled.
Mozilla now allows to easily enable the feature via a UI in privacy & Security on about:Preferences of Firefox 80, which is in Nightly.
Enable HTTPS Only mode in Firefox
1. Launch Firefox browser
2. Click on menu > Settings > Privacy & Security
3. Select “Enable HTTPS-Only mode in all windows” to enable the feature in normal browsing mode
or select “Enable HTTPs-Only mode in private windows only” to enable the feature in private browsing mode.
“Don’t enable HTTPS-only Mode” is selected by default.
4. You may need to restart the Firefox browser for changes to take for HTTPS Mode to work on all websites.
Related articles:
Firefox 75 removes https:// and WWW from URLs in address bar results [Megabar update]
Mozilla Firefox to enable DNS over HTTPS (DoH) by default in the US
Firefox 70 now Shows Grey Lock for HTTPS Sites instead of Green
Chrome to block insecure downloads on HTTPS Sites
Make Firefox 18 Beta to block Mixed Content on HTTPS Websites