Home | Legacy Firefox Extensions | Content Policy | Contact



Force-TLS helps you manage sites that must be loaded over HTTPS only. Strict-Transport-Security is built into Firefox, but without a UI; this lets you import/export and manage these settings. Use Force-TLS to add, remove and back up your own forcing-to-HTTPS rules -- to be sure you always visit your favorite sites over HTTPS.

Old versions of ForceTLS were an adaptation of the ForceHTTPS protocol by Collin Jackson and Adam Barth, which supports a simple HTTP header in forcing automatic connections to HTTPS connections in the future. Here's how it worked:

1. A site x.com served via HTTPS provides a Strict-Transport-Security HTTP header in its response. The header contains a max-age value (how long to remember the forced security) and optionally an includeSubDomains flag.
2. The browser receives this header and adds it to a Force TLS database.
3. In the future, any requests to x.com are modified to be via HTTPS if they are attempted through HTTP before the request hits the network.
4. If any subdomains *.x.com are requested via HTTP and the includeSubDomains flag was set, they are also forced to be HTTPS.

Use this add-on to extend Firefox so that it will listen to Strict-Transport-Security suggestions from web servers. This add-on will enforce secure connections for sites that use the Strict-Transport-Security header.

Download files:


This page is part of the LegacyCollector website.
Disclaimer: All material on this site is property of their respective owners and available under
open licenses to the best of our knowledge. If you are an author and would like anything removed,
then please write an e-mail to legacy [at] collector dot org.