Firefox

Firefox 76 gets optional HTTPS-only mode

Mozilla plans to introduce an optional HTTPS-only mode in Firefox 76 which only allows connections to HTTPS sites.

Most Internet sites use HTTPS already to improve the security of connections. HTTPS encrypts the connection which protects against manipulation and also blocks the logging of activity.

Firefox users may soon enable an option in the web browser to allow only HTTPS connections; this sounds very similar to how HTTPS Everywhere operates. The browser extension tries to upgrade unencrypted resources to encrypted ones when enabled, and it comes with an option to block any traffic that is not encrypted.

When enabled, Firefox loads HTTPS sites and resources just like before. When HTTP sites or resources are detected, the browser attempts to upgrade these to HTTPS. The site or resource is loaded if the upgrade worked; if not, it is blocked which may result in sites becoming inaccessible or partially loaded.

Firefox users who run Firefox 76 or newer can activate the new HTTPS-Only mode in the browser in the following way:

  1. Load about:config in the browser’s address bar.
  2. Confirm that you will be careful.
  3. Search for dom.security.https_only_mode using the search field at the top.
    1. Set the preference to TRUE to enable HTTPS-only connections in Firefox.
    2. Set the preference to FALSE to allow all connections (default).

A “Secure Connection Failed” error is displayed by Firefox is a site cannot be upgraded to HTTPS after setting the preference to TRUE in the Firefox preferences.

The new HTTPS-Only mode works like HTTPS Everywhere’s strict mode as it blocks all insecure connections automatically. Firefox’s built-in feature does not support a fallback mode (which HTTPS Everywhere supports).

Is this useful?

How useful is a HTTPS-only mode on today’s Internet? I see some limited applications for it when combined with browser profiles. A user could enable the feature for a profile that is used exclusively for online banking or other sensitive tasks on the Internet that benefit from increased security.

While most sites do support HTTPS already, Mozilla’s own stats show that about 82% of all Firefox connections use HTTPS, it is quite common that HTTP-only sites or resources are accessed on the Internet.

Most Internet users therefor may find the HTTPS-only mode disruptive as it blocks access to certain sites or resources on the Internet.

You Might Also Like