Firefox 83, scheduled for release later today, will ship with a new security feature named “HTTPS-Only Mode” that will try to load all websites via HTTPS or show an error message on sites that only support the older and insecure HTTP protocol.
By default, the new feature is disabled, but users can enable it by going to the Firefox Options page, to the Privacy & Security section, and then searching for the HTTPS-Only Mode settings.
According to Mozilla, the new feature works by attempting to find the HTTPS version of any website, even if the user has accessed the site by typing or clicking on an HTTP link.
If Firefox can’t auto-upgrade a site to an HTTPS connection, the browser will show an error to the user and ask them to click a button to confirm they want to access a website via an older HTTP connection.
The new HTTPS-Only Mode feature can also be enabled or disabled by clicking the lock icon in the address bar and selecting it from the drop-down panel that appears.
Today, the HTTP protocol is considered insecure because all traffic occurs via plaintext messages that can be intercepted and expose a user’s web traffic.
The HTTPS protocol is the natural evolution of the HTTP protocol, with the connection being established and taking place via an encrypted channel.
Mozilla said it fully expects that HTTPS will become the standard way to navigate the web. As more websites will migrate to HTTPS, Mozilla said it will soon be possible for browser makers to deprecate HTTP connections altogether, effectively making the HTTPS-Only Mode the default browsing state going forward.