Mozilla Firefox’s HTTPS-Only Mode provides extra privacy and security online. With it enabled, Firefox will try hard to only load encrypted HTTPS websites. If only HTTP is available, Firefox won’t load the unencrypted website without asking you.
Why Is HTTPS Important?
Unfortunately, not all sites support HTTPS, and some that do may fall back to non-encrypted HTTP versions of a site if you visit them through an HTTP link (such as http://www.example.com instead of https://www.example.com—notice the missing “s” in the address).
Starting in Mozilla Firefox version 83, which was released on November 16, 2020, you can turn on HTTPS-Only Mode. Firefox will automatically attempt to load the HTTPS version of a website even if you visit the site through a link to an unencrypted HTTP address. If one isn’t available, you’ll have to provide explicit permission before Firefox will load an HTTP page. Here’s how to enable this option.
RELATED: What Is HTTPS, and Why Should I Care?
How to Enable HTTPS-Only Mode in Firefox
First, open Firefox and click the hamburger button (three horizontal lines) in any Firefox window. In the menu that pops up, select “Options” on Windows and Linux or “Preferences” on a Mac. Tip: If you’re not running Firefox version 83 or higher, you’ll need to update Firefox to use the HTTPS-Only Mode feature. To check for updates manually, click the Firefox menu, then select Help > About Firefox. Then click the “Update Firefox” button. RELATED: How to Update Mozilla Firefox
In the “Options” or “Preferences” tab, click “Privacy & Security” in the sidebar menu.
On the “Browser Privacy” preferences page, scroll down to the bottom and locate the “HTTPS-Only Mode” section. Click the radio button beside “Enable HTTPS-Only Mode in all windows” to select it. (You also have the choice to enable HTTPS-Only Mode in private windows only, so select that instead if you prefer.)
After that, close the Options tab, and the change will take effect immediately. If you visit a website through a non-encrypted HTTP link that supports HTTPS, you will be redirected to the encrypted HTTPS version of the site automatically.
What Happens If a Site Doesn’t Support HTTPS?
If you visit a site with HTTPS-Only Mode turned on and the site does not support HTTPS, you will see an error page similar to this one.
RELATED: How to Update Mozilla Firefox
In the “Options” or “Preferences” tab, click “Privacy & Security” in the sidebar menu.
On the “Browser Privacy” preferences page, scroll down to the bottom and locate the “HTTPS-Only Mode” section. Click the radio button beside “Enable HTTPS-Only Mode in all windows” to select it. (You also have the choice to enable HTTPS-Only Mode in private windows only, so select that instead if you prefer.)
After that, close the Options tab, and the change will take effect immediately. If you visit a website through a non-encrypted HTTP link that supports HTTPS, you will be redirected to the encrypted HTTPS version of the site automatically.
Also, if you visit a site that is only partially HTTPS-secure—that is, it pulls non-encrypted elements into the secure page—it may not display properly with HTTPS-Only Mode enabled.
In either case, Mozilla has provided a quick way to temporarily disable HTTPS-Only Mode. To do so, click the lock icon beside the website address in the URL bar.
In the menu that pops up, click the drop-down menu below “HTTPS-Only Mode” and choose “Off temporarily” to temporarily disable HTTPS-Only Mode.
Alternately, if you’d like to permanently disable HTTPS-Only Mode just for this particular site, select “Off” from the list. Firefox will remember these settings individually for each website.
After that, you’ll be able to see the site as usual. If the site ever upgrades to support HTTPS fully, you can enable HTTPS-Only Mode for the site again using the same menu option hidden under the web address lock icon. Happy browsing!
Web browsers like Mozilla Firefox and Google Chrome are encouraging websites to move away from HTTP to more secure HTTPS connections. It’s likely that Firefox’s HTTPS-Only Mode will one day become the default option, boosting privacy and security online—and further encouraging website owners to upgrade to HTTPS.