14 DAY TRIAL // Mozilla Firefox 83 was officially announced earlier this week, and one of the biggest changes this time is the introduction of a feature called HTTPS-Only Mode
As you can easily figure out by simply reading this name, this new mode is supposed to allow only HTTPS connections and thus block HTTP.
If you’ve been following the tech news lately, browser makers out there have been pushing hard for increased security, and insisting on the migration from HTTP to HTTPS has long been one of the top priorities. Mozilla has thus developed this mode that blocks HTTP connections by default, thus making sure that all websites that you load in the browser are fully secure.
Certainly, this new feature comes in handy for organizations and government computers, and while consumers might want to keep it disabled, it should be enabled on pretty much every device out there.
Unfortunately, not all websites out there have made the switch to HTTPS, so activating this feature could eventually lead to some services no longer available in Firefox. One recommended approach is to enable the HTTPS-Only Mode in Firefox and disable it only when you’re 100 percent sure the HTTP page you want to load is not a threat.
Firefox 83 comes with a dedicated setting that lets you turn off this feature temporarily, but for now, a whitelist that would allow you to configure exceptions isn’t available.
“HTTP stands for Hypertext Transfer Protocol and is the foundational protocol for the web and encodes basic interactions between browsers and web servers. The problem with the regular HTTP protocol is that the data transferring from server to browser is not encrypted, meaning data can be viewed, stolen, or altered. HTTPS protocols fix this by using an SSL (secure sockets layer) certificate, this creates a secure encrypted connection between the server and the browser which protects sensitive information,” the Firefox maker explains.
“When you use HTTPS-Only Mode, this ensures all of your connections are encrypted and secure. So you have peace of mind that no one can snoop on the content of the pages you visit or hack into your connection to a website to steal your passwords, credit card information, or other personal information. This is especially useful when you are using a public WiFi where you can’t be sure of the integrity of your internet connection,” Mozilla explains.
Enabling the HTTPS-Only Mode is a matter of clicks, as Mozilla has added a dedicated setting at the following location:
Firefox > Menu > Options > Privacy & Security > HTTPS-Only Mode
At this point, there are three different options available:
- Enable HTTPS-Only Mode in all windows
- Enable HTTPS-Only Mode in private windows only
- Don’t enable HTTPS-Only Mode
If you’re trying to load an HTTP site when this mode is activated, you should see a warning telling you that a secure connection is not available.
“If HTTPS-Only Mode is enabled and you frequently visit a website that does not support HTTPS or does not seem to be rendering certain elements of the page correctly, you can turn off HTTPS-Only Mode for a particular site,” Mozilla explains.
Most likely, Mozilla will continue to refine the experience with this mode in Firefox in the coming updates, and one feature that I’d like to be added is support for a whitelist that would allow users to configure exceptions. This comes in handy especially for internal company apps that aren’t migrated to HTTPS but which are perfectly secure, with no threat for users whatsoever.