HTTPS Everywhere: Force Open Secure Connection in Firefox and Chrome

It is a well-known fact that unprotected HTTP protocol is prone to hijacks, HTTPS provides better security.  However, while some web sites support HTTPS protocol, only HTTP is set as default.  Some web sites provides HTTPS protocol support but the pages also contain links to unprotected HTTP pages.

Today’s featured browser extension is HTTPS Everywhere, one that forces your Firefox and Chrome web browser to use HTTPS protocol on supported web sites.


HTTPS Everywhere: Auto-rewrite of Requests to HTTPS

HTTPS Everywhere - Electronic Frontier Foundation

HTTPS Everywhere has a Firefox add-on as well as a Chrome extension.  What it does is to automatically re-write all requests to unsecured HTTP pages to HTTPS, if HTTPS is supported.  Currently over 1400 web sites are supported, on these web sites this tool knows where to enable HTTPS on all supported parts of the site.  In other words, HTTPS Everywhere does not create the security features, it only enables them when available, so that you don’t have to find the link to secured log-in or the option to enable HTTPS protocol.

The new Chrome extension is currently in beta version.  The Firefox version has one particularly useful feature that is yet to appear in Chrome, Decentralized SSL Observatory.  This function, once enabled, detects encryption weaknesses and tells you when you browse a web site with a security vulnerability.  In other words, it points out security issued as you surf.  This is useful to web surfers as well as web designers who could quickly identify potential security holes.


Official Site:

Google Chrome Tutorial: Force Chrome to open web sites in https protocol

Some web sites support both HTTP and HTTPS protocols.  If you are unsure what they are, a brief explanation is that the HTTP is a network communication protocol that the web uses, and HTTPS is the combination of HTTP and SSL/TLS protocol (something for encrypted communication).  In even simpler terms, HTTPS generally gives better data protection.

Force https in Chrome

If you wish to force Chrome to open web sites in https protocol (provided that the web site supports it), apart from installing extensions, here is another method:

  1. open chrome://net-internals/ in the address bar
  2. go to the HSTS tab
  3. under Add domain, enter the domain name which you want Chrome to always open with https protocol (for example,
  4. check Include subdomains
  5. done!

If for some reasons you want to cancel this, scroll a bit down on the same page, find the Delete domain section, enter the domain name you want to remove from the https list and click Delete.


source +Andy WU, via Chromi

Related Posts Plugin for WordPress, Blogger...