Still broken in 38.0.1 Rated 1 out of 5 stars

Adding a site to the list has no effect, site still opens with HTTP. Checking the checkbox on the Permissions tab of the Page Info will also add the side to the list, but already when closing and reopening then Page Info (without reloading the page) the checkbox isn't set anymore (yet the site is still on the list).

And it's not Firefox that is broken here. When installing Enforce Encryption, opening the page with HTTPS and checking the force checkbox, the page is also added to the list in Force-TLS, but now it will open with HTTPS (as desired) and now the checkbox on the Permissions tab of the Page Info is checked when I open it, so this add-on does it right.

Enforce Encryption:

not compatible with firefox 36.0.1 Rated 1 out of 5 stars

I can add domains to forcetls addon list but I cant remove them.
and adding and removing them has no effect on the permission page on page info.and enabling the permission in page info has no effect whatsoever on website trying to go to https version.
and the list is no longer populated with website that advertise the hsts and its max age.

so basically it doesn't work.

作者と連絡が取れないアドオン Rated 1 out of 5 stars





I am looking for the opposite plugin Rated 1 out of 5 stars

Hi, I am looking for the exact opposite of this plugin. I use Firefox 9 with TLS deliberately deactivated in about:config. I would prefer SSL1 to SSL2, and SSL2 to SSL3. Surely Firefox can do this in proper ascending, rather than descending order? Everyone seems to be getting it BACKWARDS.

Seems not working Rated 1 out of 5 stars

SSL Button not detecting https site version
Domain manualy added to SSL list keeps on http
Looking for working alternaive
Latest Firefox version

the site of Sid Stamm is not https!? O.o Rated 4 out of 5 stars

Difficulty opening the same site of Sid Stamm. I installed Force-TLS but when i click on the link of your site it does not open! =D
the site of Sid Stamm is not https!? O.o

adds the missing HSTS manager for firefox Rated 5 out of 5 stars

Great extension, adds a HSTS manager than Firefox lacks for some unknown reason (but Chrome has).

Bug Report: if a domain is added for forced SSL and then Firefox encounters a self-signed (untrusted) certificate, you cannot accept the certificate - it will go into an endless loop - until you remove the domain from ForceTLS and then accept the certificate

Wishlist: ability to easily see/save the difference between the pre-loaded HSTS that comes with newer Firefox and user-defined (or maybe permanent vs non-permanent) ala a search filter at the bottom of the list

ps. add HSTS to your tags for this extension
to help google: chrome://net-internals/#hsts for firefox

useful but avg user may not need it Rated 4 out of 5 stars

Firefox already respects Strict-Transport-Security, maintaining an internal list of sites that declare that the browser should always use https to access them. This prevents someone from spoofing as this site (man in the middle) but with plain HTTP. It also has the added benefit of simply forcing encrypytion to protect your data in case you tried to visit the plain HTTP site (particularly from a public/open hotspot) -- much like the Electronic Frontier Foundation's "HTTPS-everywhere" ( add-on except that the latter uses list maintained by the EFF rather than as self-identified by each site.

The benefit of the Force TLS add-on is that it provides a nice GUI for displaying and modifying Firefox's list of STS sites -- although the usefulness of this is limited by the limited number of sites that set a Strict Transport Security header.

Also, one can easily add a site in the GUI, whereas HTTPS-Everywhere requires hand-editing arcane xml for the user to add a new site!

HTTPS-Everywhere on has the sizable aforementioned list of sites that *can* use HTTPS in place of HTTP, even if the sites don't themselves request that the browser always do so. I guess HTTPS-Everywhere can use more flexible rules, but again at the price of requiring you to write XML to define each of them. Also HTPPS-Everywhere provides a button showing any entries for the current site and the ability to disable/enable these entries (but not add a new one).

You might try using *both* of these add-ons together. Perhaps, in the future, one of these add-ons could provide the benefits of both.

However, this addon may not be needed by an avg user who doesn't want to know what's going on at this level of detail. For him/her, the HTTPS Finder addon might be a better choice, perhaps in combination with HTTPS Everywhere. HTTPS Finder tests whether the present HTTP site has an HTTPS version having the same URI, and offers to switch you to it.

This review is for a previous version of the add-on ( 

Rated 3 out of 5 stars

it'd be great to have an option to force non https connections too

i agree with Tommy Åsén because i have the same problem with some sites.

it is an awesome add-on but it just needs that one small problem fixed / sorted

so please i must ask you to update your add-on

try to show us it's full potential

This review is for a previous version of the add-on ( 

love it, but would need a little thing Rated 4 out of 5 stars

It's great to be able to click links and always have the https version as some sites dont handle http well.
However i have one site where a subdomain is the exact oppiosite, https doesn't work at all so it'd be great to have an option to force non https connections too

This review is for a previous version of the add-on ( 

Useful but incomplete addon Rated 4 out of 5 stars

Very useful to access secure sites otherwise blocked by my ISP.

Since this addon allows you to maintain a *list* of sites, it's obvious that users may need to export/import the addon's setting. Hence the 4 star.

Meanwhile for those who want to copy/backup the settings from one profile to another, do this:
- Start Run(Win+R), type "%appdata%\Mozilla\Firefox\Profiles" (w/ or w/o quotes) and hit Enter. Here you'll find your Firefox profile(s).
- Copy the 'permissions.sqlite' file from your profile directory to the new profile dir (or a backup directory)
: )

This review is for a previous version of the add-on ( 

Rated 5 out of 5 stars

Robert Vamosi reports in today's Windows Secrets newsletter that "Firefox 5 also automatically connects your browser to secure webpages (https) when they exist, eliminating the need for third-party, add-on apps such as Force-TLS and HTTPS Everywhere." Does Force-TLS add any value to Firefox 5?

This review is for a previous version of the add-on ( 

import/export function Rated 5 out of 5 stars

By any chance can you please add an import/export function, so all you have to do for the next browser update would be just install the addon, then hit the import button which could, pop-up a normal explorer window, so that the user can pick their custom list. You may have to add a few allowed list extensions like .txt ; .doc; docx etc. Just an idea, if need help on doing that ask for help from Justin Scott (fligtar) he already added that to his addon.

This review is for a previous version of the add-on ( 

Hi Taylor! Yes, many people are requesting the import/export function, but I don't have a whole lot of time to work on Force-TLS. If you're interested in helping code that feature, drop me a line at and I'll point you to the docs and source code.

Rated 1 out of 5 stars

Shows that is will work for FF5 but does not work. Was using it with FF4 with no problems. It installs fine in FF5 but just does not work anymore.

Please update asap for FF5! Thanks!!

This review is for a previous version of the add-on ( 

One more privacy and security tool! Rated 4 out of 5 stars

I put this one in my Apollo! Pack! collection because it is one more tool for us to help plug one more leak. Maybe FF4 has this built in but 4 is a disaster. I urge people to run 3.6 until they fix 4 or maybe when they release 5 they will get their act together. Till then this one fills a void.

This review is for a previous version of the add-on ( 

Am i doing something wrong??? Rated 4 out of 5 stars

I have manually added "" to the list but on returning to a previously httpS page its no longer https.

This review is for a previous version of the add-on ( 

Rated 2 out of 5 stars

Why do you insist on breaking your own extension? For example, I just installed Force-TLS and noticed with glee and admiration that you finally included a site; However you set it to expire in 32 days??? It's, man! If they go, we all go! Why would they ever expire for any reason, or any other site for that matter. I just don't have it in me to carefully monitor my whitelist everyday for arbitrary deletions, who does?

This review is for a previous version of the add-on (  This user has 3 previous reviews of this add-on.

Rated 4 out of 5 stars

Although from what I understood that FF4 should force the https on sites that does support it, it doesnt seem to be the case. The GUI is great for being able to force the site that you want. Though I'm a bit worried that there is no import/export functionality. I already have a list of 30 sites in, and wouldn't want and would be very annoyed if I have to do it again, or replicate it to my other laptops.
Kindly, give me us import/export, 4 star or else would have been 5 stars

This review is for a previous version of the add-on ( 

working on it

Import/export functionality is something I'd like to add down the road... but I haven't had any time to implement it. If you'd like to work on it, send me an email ( and I'll point you to the source code.

Not reliable (doesn't work always) Rated 1 out of 5 stars

This extension doesn't work always!I manually enabled Force-SSL for some sites, but extension secured only part of HTTP requests (not all of them). This was verified with proxy server (Fiddler).
I think developers of Force-TLS should do more testing, especially with forms (with non-HTTPS targets), 302 redirects and other non-standard situations.

This review is for a previous version of the add-on (2.0). 

Force-TLS uses a "redirect to https" mechanism that's imperfect, and I'm working to try and fix that for Firefox 3.6 and earlier -- it's not simple.

Firefox 4 and later have much better support for changing non-https connections to https ones, and if you install version 3 of Force-TLS you can have the UI but the add-on will use the far superior built-in HTTPS-forcing features of Firefox 4.

Please email specific issues to and I'll try to fix them!

Good but, GUI could use some work. Rated 4 out of 5 stars

I've found the button for manually adding sites but, not for automatically launching them securely. It would be nice if there was a button in my status bar thing (the bottom panel in firefox) that would add/remove sites. Also, a universal always use HTTPS would be nice. There could then be a manual override or a blacklist type feature. Most sites I go to I really wouldn't mind the 2% overhead of knowing I'm a lot more secure.

For those that don't know: When you use https or any form of encryption for that matter there is a slight overhead (extra bandwidth) needed to send the encrypted data. This is because of two things:
1.) encrypted traffic is usually bigger than non-encrypted traffic.
2.) To enable the encryption a bit of data must first be sent back and forth so that using the magic of math both the server and your computer can learn to speak an encrypted language that no one else can understand. For more on this you could probably google cryptology.

This review is for a previous version of the add-on (2.0). 


Thanks for the review! If you've got thoughts on additional GUI features that would come in handy, please send an email to and I'll take a look!