HTTPS Everywhere is a popular cross-browser extension that you may use to enforce the use of HTTPS on websites that support it.
While the extension does nothing for sites that use only HTTP or HTTPS, it is designed for those sites that support both protocols but don’t enforce one or the other on its users.
This can be the case when a site tests the HTTPS rollout for instance but has yet to make the full switch to the secure protocol.
HTTPS Everywhere for Firefox is available as a legacy add-on currently only which the EFF released in 2010. While it works well in the latest stable version of Firefox, it will stop working when Mozilla releases Firefox 57.
Firefox 57 is a major release that ships with fundamental changes. One of these changes is that Firefox won’t support legacy add-ons anymore. Any add-on that is not a WebExtension will be disabled when you upgrade your copy of the browser to that version.
While some developers have stopped development of their extensions because of this, others are working on porting them to the WebExtensions system to offer continued support.
HTTPS Everywhere WebExtension for Firefox
HTTPS Everywhere will be made available as a WebExtension eventually. You can grab and install a test version of the WebExtension version from this web page.
The developers note that the extension is to be considered unstable right now. I did not notice any issues whatsoever however during or after installation in Firefox 53 Stable.
The page lists three extensions currently, two to test upgrades to WebExtensions, and one that is the latest version of the WebExtension version of HTTPS Everywhere.
The add-on itself looks like a copy of the Chrome version, as it features the same interface as the Chrome version of HTTPS Everywhere.
The WebExtension version offers three main features right now:
- Enable or disable HTTPS Everywhere.
- Block all unencrypted traffic.
- Create custom rules for the current page.
The rules interface supports adding a new rule quickly, or adding an advanced rule. If you pick the latter, you get full control over the rule (what gets redirected to HTTPS).
Comparison to legacy HTTPS Everywhere on Firefox
The legacy add-on HTTPS Everywhere for Firefox supports additional features that neither the Chrome extension, nor the Firefox WebExtension version of the add-on support at this point in time.
The menu lists two additional options to reset all to the default values, and to check all rules (which redirects to the HTTPS Everywhere website).
What is more important however is that HTTPS Everywhere for Firefox may use the organization’s SSL Observatory. This feature may warn you about insecure connections or attacks on the browser, and may send copies of HTTPS certificates to the Observatory for analysis (detecting man in the middle attacks, improving web security).
HTTPS Everywhere as a WebExtension for Firefox supports the core functionality. You can add and edit rules for sites, and use the rules that the extension ships with by default.
It is obviously a good thing that HTTPS Everywhere will continue to work in Firefox 57 and beyond. No word yet on the stable release of the WebExtension version. We will update the article once it becomes available.
Now You: do you use HTTPS Everywhere, or a comparable extension?