To try the thousands of add-ons available here, download Mozilla Firefox, a fast, free way to surf the Web!Close
Welcome to Firefox Add-ons.
Choose from thousands of extra features and styles to make Firefox your own.Close
Force-TLS 220.127.116.11-signed.1-signed Requires Restart
by Sid Stamm
Force-TLS helps you manage sites that must be loaded over HTTPS only. Strict-Transport-Security is built into Firefox, but without a UI; this lets you import/export and manage these settings.
About this Add-on
Old versions of ForceTLS were an adaptation of the ForceHTTPS protocol by Collin Jackson and Adam Barth, which supports a simple HTTP header in forcing automatic connections to HTTPS connections in the future. Here's how it worked:
1. A site x.com served via HTTPS provides a Strict-Transport-Security HTTP header in its response. The header contains a max-age value (how long to remember the forced security) and optionally an includeSubDomains flag.
2. The browser receives this header and adds it to a Force TLS database.
3. In the future, any requests to x.com are modified to be via HTTPS if they are attempted through HTTP before the request hits the network.
4. If any subdomains *.x.com are requested via HTTP and the includeSubDomains flag was set, they are also forced to be HTTPS.
Use this add-on to extend Firefox so that it will listen to Strict-Transport-Security suggestions from web servers. This add-on will enforce secure connections for sites that use the Strict-Transport-Security header.
BUG REPORTS: Please send any bug reports to firstname.lastname@example.org
NOTE: if you add sites to the ForceTLS database yourself, those sites may not operate properly. Not all sites are able to serve all their data over HTTPS, and some things may fail to load. Additionally, not all sites serve all their content from their own domain, so you may have to force multiple domains to ensure a whole "site" is HTTPS.
Firefox 25 and EARLIER USERS: If you're using an old version of Firefox, the latest version of Force-TLS may not work for you. Most of Force-TLS is already built in as a feature called HTTP Strict-Transport-Security (HSTS), and now this add-on is mainly the UI for what's built in without one.
More information about ForceTLS and its spec are available at http://forcetls.sidstamm.com.
Addon FAQ is available here: https://code.google.com/p/force-tls/wiki/FAQ
This version removes a whole lot of code made unnecessary by Firefox 4 (and later), and provides a few new features:
- Better UI discovery (specifically in Windows and pre-release versions of Firefox)
- Settings import/export
- Misc bug fixes