3

Is there a way to get Firefox to automatically visit the HTTPS site instead of the HTTP site, whenever possible? For instance, if I type web.archive.org into the address bar, with no search history, I would prefer that Firefox take me to https://web.archive.org instead of http://web.archive.org. Currently, Firefox takes me to the HTTP site.

Apparently, starting in Firefox 91, Firefox will automatically opt into the HTTPS site whenever possible while in Private Browsing mode. I'd like to enable this same functionality all the time, even when not in Private Browsing mode. Is there a way to do that?

I do not want HTTPS-only mode. If the website does not support HTTPS, I want Firefox to still load the HTTP site, rather than blocking the connection. In other words, I want "HTTPS if possible" rather than "HTTPS or nothing". Firefox supports HTTPS-only mode in its preferences, but that's not what I am looking for. I found How can I get Firefox to prefer HTTPS over HTTP?, which superficially sounds like the same question, but all the answers suggest HTTPS-only mode, which is not what I'm looking for, and it is quite old, whereas I am asking about a fully updated modern Firefox browser. Is it possible to achieve what I want?

Improve this question
0

2 Answers 2

Reset to default
2
+50

I found this thread on reddit where a user suggests to fully disable HTTPS-Only mode in firefox settings; then go in about:config, search for 'dom.security.https_first' and set it true.

I just tried this solution on firefox 115.8.0esr by testing http.badssl.com. It seems to work the way intended by the question.

Differently from HTTPS-Only, https_first doesn't block nor warn about the lack of https. It simply tries first to use https protocol, whenever provided, otherwise it falls back to http. This behavior should be already enabled by default for private browsing (in this case the option is dom.security.https_first_pbm).

Improve this answer
2

That's already how Firefox's "HTTPS-Only Mode" works. If the website does not support HTTPS, you get a full-page alert, in which you click the button and the site proceeds to load over HTTP. Firefox remembers the opt-out for the rest of the session, approximately.

enter image description here

For frequently visited websites that don't support HTTPS (like web.archive.org half the time), you can permanently opt out of the HTTPS upgrade individually per domain:

enter image description here

Improve this answer
1
  • Thanks for this response! This doesn't meet the requirements I had in mind. If HTTPS is not supported, I'd like Firefox to fall back to HTTP without the full-page alert, so Firefox automatically falls back to HTTP without warning me or bothering me. It sounds like Private Browsing already does that, but I'd like it even when Private Browsing is not enabled. I think I do understand the security tradeoffs of what I'm asking for, and I think what I'm asking for would offer better security than the current default behavior. Commented Apr 2, 2024 at 6:19

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.