Broken Rated 1 out of 5 stars

Doesn't load

Dead ! FF50 Rated 1 out of 5 stars

Don't work in FF50

Dead functionality Rated 2 out of 5 stars


Does NOT work in FF44.0.2 Rated 1 out of 5 stars

Does not work in newer firefox versions and it also does not remember manual settings on permissions page, I tick "always access secure content from this site" but it does not remember this setting.

Does not work in Firefox 42 due to a xml parse error Rated 1 out of 5 stars

In current Firefox the addon window doesn't work (for me) due to a xml parse error that looks like its related to the localisation of the addons.

Rated 1 out of 5 stars

Broken with Version 40 as well. Is there any other way to get HTTPS enforcement without having to set it manually site by site?

not working with Rated 2 out of 5 stars

firefox 39 :/ worked great with previous versions

Still broken in 38.0.1 Rated 1 out of 5 stars

Adding a site to the list has no effect, site still opens with HTTP. Checking the checkbox on the Permissions tab of the Page Info will also add the side to the list, but already when closing and reopening then Page Info (without reloading the page) the checkbox isn't set anymore (yet the site is still on the list).

And it's not Firefox that is broken here. When installing Enforce Encryption, opening the page with HTTPS and checking the force checkbox, the page is also added to the list in Force-TLS, but now it will open with HTTPS (as desired) and now the checkbox on the Permissions tab of the Page Info is checked when I open it, so this add-on does it right.

Enforce Encryption:

not compatible with firefox 36.0.1 Rated 1 out of 5 stars

I can add domains to forcetls addon list but I cant remove them.
and adding and removing them has no effect on the permission page on page info.and enabling the permission in page info has no effect whatsoever on website trying to go to https version.
and the list is no longer populated with website that advertise the hsts and its max age.

so basically it doesn't work.

作者と連絡が取れないアドオン Rated 1 out of 5 stars





I am looking for the opposite plugin Rated 1 out of 5 stars

Hi, I am looking for the exact opposite of this plugin. I use Firefox 9 with TLS deliberately deactivated in about:config. I would prefer SSL1 to SSL2, and SSL2 to SSL3. Surely Firefox can do this in proper ascending, rather than descending order? Everyone seems to be getting it BACKWARDS.

Seems not working Rated 1 out of 5 stars

SSL Button not detecting https site version
Domain manualy added to SSL list keeps on http
Looking for working alternaive
Latest Firefox version

the site of Sid Stamm is not https!? O.o Rated 4 out of 5 stars

Difficulty opening the same site of Sid Stamm. I installed Force-TLS but when i click on the link of your site it does not open! =D
the site of Sid Stamm is not https!? O.o

adds the missing HSTS manager for firefox Rated 5 out of 5 stars

Great extension, adds a HSTS manager than Firefox lacks for some unknown reason (but Chrome has).

Bug Report: if a domain is added for forced SSL and then Firefox encounters a self-signed (untrusted) certificate, you cannot accept the certificate - it will go into an endless loop - until you remove the domain from ForceTLS and then accept the certificate

Wishlist: ability to easily see/save the difference between the pre-loaded HSTS that comes with newer Firefox and user-defined (or maybe permanent vs non-permanent) ala a search filter at the bottom of the list

ps. add HSTS to your tags for this extension
to help google: chrome://net-internals/#hsts for firefox

useful but avg user may not need it Rated 4 out of 5 stars

Firefox already respects Strict-Transport-Security, maintaining an internal list of sites that declare that the browser should always use https to access them. This prevents someone from spoofing as this site (man in the middle) but with plain HTTP. It also has the added benefit of simply forcing encrypytion to protect your data in case you tried to visit the plain HTTP site (particularly from a public/open hotspot) -- much like the Electronic Frontier Foundation's "HTTPS-everywhere" ( add-on except that the latter uses list maintained by the EFF rather than as self-identified by each site.

The benefit of the Force TLS add-on is that it provides a nice GUI for displaying and modifying Firefox's list of STS sites -- although the usefulness of this is limited by the limited number of sites that set a Strict Transport Security header.

Also, one can easily add a site in the GUI, whereas HTTPS-Everywhere requires hand-editing arcane xml for the user to add a new site!

HTTPS-Everywhere on has the sizable aforementioned list of sites that *can* use HTTPS in place of HTTP, even if the sites don't themselves request that the browser always do so. I guess HTTPS-Everywhere can use more flexible rules, but again at the price of requiring you to write XML to define each of them. Also HTPPS-Everywhere provides a button showing any entries for the current site and the ability to disable/enable these entries (but not add a new one).

You might try using *both* of these add-ons together. Perhaps, in the future, one of these add-ons could provide the benefits of both.

However, this addon may not be needed by an avg user who doesn't want to know what's going on at this level of detail. For him/her, the HTTPS Finder addon might be a better choice, perhaps in combination with HTTPS Everywhere. HTTPS Finder tests whether the present HTTP site has an HTTPS version having the same URI, and offers to switch you to it.

This review is for a previous version of the add-on ( 

Rated 3 out of 5 stars

it'd be great to have an option to force non https connections too

i agree with Tommy Åsén because i have the same problem with some sites.

it is an awesome add-on but it just needs that one small problem fixed / sorted

so please i must ask you to update your add-on

try to show us it's full potential

This review is for a previous version of the add-on ( 

love it, but would need a little thing Rated 4 out of 5 stars

It's great to be able to click links and always have the https version as some sites dont handle http well.
However i have one site where a subdomain is the exact oppiosite, https doesn't work at all so it'd be great to have an option to force non https connections too

This review is for a previous version of the add-on ( 

Useful but incomplete addon Rated 4 out of 5 stars

Very useful to access secure sites otherwise blocked by my ISP.

Since this addon allows you to maintain a *list* of sites, it's obvious that users may need to export/import the addon's setting. Hence the 4 star.

Meanwhile for those who want to copy/backup the settings from one profile to another, do this:
- Start Run(Win+R), type "%appdata%\Mozilla\Firefox\Profiles" (w/ or w/o quotes) and hit Enter. Here you'll find your Firefox profile(s).
- Copy the 'permissions.sqlite' file from your profile directory to the new profile dir (or a backup directory)
: )

This review is for a previous version of the add-on ( 

Rated 5 out of 5 stars

Robert Vamosi reports in today's Windows Secrets newsletter that "Firefox 5 also automatically connects your browser to secure webpages (https) when they exist, eliminating the need for third-party, add-on apps such as Force-TLS and HTTPS Everywhere." Does Force-TLS add any value to Firefox 5?

This review is for a previous version of the add-on ( 

import/export function Rated 5 out of 5 stars

By any chance can you please add an import/export function, so all you have to do for the next browser update would be just install the addon, then hit the import button which could, pop-up a normal explorer window, so that the user can pick their custom list. You may have to add a few allowed list extensions like .txt ; .doc; docx etc. Just an idea, if need help on doing that ask for help from Justin Scott (fligtar) he already added that to his addon.

This review is for a previous version of the add-on ( 

Hi Taylor! Yes, many people are requesting the import/export function, but I don't have a whole lot of time to work on Force-TLS. If you're interested in helping code that feature, drop me a line at and I'll point you to the docs and source code.