Most sites on today’s Internet support HTTPS and are configured to use HTTPS when a user connects to the site without specifying a protocol (e.g. only typing ghacks.net in the address bar and not https://www.ghacks.net/).
Web browsers, with a few notable exceptions such as Tor Browser, don’t try to upgrade connections from HTTP to HTTPS automatically. If you click on a HTTP link in an old article, probably published before the migration to HTTPS began, you may end up loading the resource using HTTP; this won’t happen if the site migrated to HTTPS fully, but will happen if it has not migrated at all or supports both HTTP and HTTPS.
Extensions like HTTPS Everywhere upgrade connection requests automatically if the site is in a database of sites that support HTTPS. Search engine DuckDuckGo launched a new feature called Smarter Encryption in its applications and extensions recently that upgrades connections to HTTPS automatically based on search engine data.
HTTPZ for Firefox
HTTPZ is a Firefox extension that upgrades HTTP connections as well. It does not rely on a database of sites that support HTTPS though; the extension tries to upgrade the connection to HTTPS automatically and will revert back to HTTP if the HTTPS connection throws an error.
Note that it is designed to do so only for non-manual HTTP sites. When you type an address and use HTTP, it is ignored by the extension to ensure that the connection is established.
One of the great strengths of HTTPZ is the extension’s rich feature set. You may want to check the options that it provides right after installation to adjust them according to your needs.
Here is a quick overview of what is provided:
- Disable fallback mode to HTTP if the HTTPS upgrade does not work.
- Show a warning if a site redirects from HTTPS to HTTP.
- Enable proxy-compatible mode.
- Set a timeout for HTTPS connection attempts (default: wait for browser to act).
- Disable a cache that remembers successful HTTPS upgrades to speed up future connections.
- Configure ignore behavior for sites that don’t support HTTPs (default 7 days).
- Whitelist hostnames that should be ignored by the extension.
You find import and export options in the settings as well; useful to export settings and import then into other Firefox profiles.
HTTPZ has two limitations currently. The main one limits upgrades to the site that is accessed by the user, e.g. through links. The extension does not attempt to upgrade sub-resources, e.g. elements loaded by a HTTPS site.
The second issue is purely cosmetic; If an upgrade to HTTPS fails, Firefox wants to display an error message that describes what happened. HTTPZ does not wait for the error message to load but will retry the request using HTTP (which you can disable in the settings).
HTTPZ is a powerful extension for Firefox that upgrades HTTP site requests to HTTPS automatically. It features a whitelist and ignore list, and options to make rules more or less tight.
One downside is that it ignores sub-resources which may lead to mixed content warnings in Firefox.
Now You: how do you handle sites that still use HTTP?
Thank you for being a Ghacks reader. The post HTTPZ is an advanced HTTP connection upgrader for Firefox appeared first on gHacks Technology News.