LegacyCollector

Home | Legacy Firefox Extensions | Content Policy | Contact

Enforce Encryption

Author(s):



How to use Enforce Encryption


The setting applies to all pages of a site, the browser will always send you to the encrypted version automatically. You can also click "Stop enforcing" to allow unencrypted connections for this site again.

Why you should care about encrypting connections

If you use an unencrypted connection then everybody can listen in and see or manipulate all data that is being transmitted. They can learn what you like reading, they can impersonate you on the services you are using and they can inject their content into the webpages you are viewing. That content might be a fake news article, advertising or even malicious code intended to infect your computer.

How do people listen in? They can do this for example by being in the same public wireless hotspot as you, or by being an employee of your Internet provider, or by working for a government agency like the NSA. If you use encrypted connections then you make spying on you or messing with you a lot harder.

How Enforce Encryption helps

Many websites support both encrypted and unencrypted connections. If you are lucky, your password will be sent over an encrypted connection but other than that you have to switch to HTTPS manually. However, remembering this is very tedious, e.g. when you get to the website via a search engine or an old history entry.

There are other websites that will always redirect you to an encrypted version of their website. However, before they can redirect you your browser will contact the website over an unencrypted connection - and that's a chance for an attacker to manipulate the request and to keep you on an unencrypted connection (SSL Stripping). And if you don't pay attention you've lost.

Firefox has a built-in mechanism that can solve both issues by making sure that you always visit a website over an encrypted connection. However, this mechanism requires the website to opt in via the Strict Transport Security header - and so far many websites still don't do it. The Enforce Encryption extension makes this setting accessible via the Page Info dialog, this way you can enforce encrypted connections even for websites that didn't opt in.

Known limitations


Source code / Contributing

The extension source code is available under https://github.com/palant/enforceencryption.

Download files:

enforce-encryption-1.0.1-signed.xpi
enforce-encryption-1.0.1.1-signed.xpi
enforce-encryption-1.0.2.1-signed.xpi
enforce-encryption-1.0.4.xpi
enforce-encryption-1.0.5.xpi
enforce-encryption-1.0.6.xpi
enforce-encryption-1.0.7.xpi




This page is part of the LegacyCollector website.
Disclaimer: All material on this site is property of their respective owners and available under
open licenses to the best of our knowledge. If you are an author and would like anything removed,
then please write an e-mail to legacy [at] collector dot org.