Si crees que este complemento viola las políticas de complementos de Mozilla o tiene problemas de seguridad o privacidad, por favor informa a Mozilla utilizando este formulario.
Por favor, no utilices este formulario para informar de fallos en el complemento o solicitar nuevas funcionalidades; este informe se enviará a Mozilla y no al desarrollador del complemento.
I like it
With this add-on you can turn everything into HTTPS and only allow specific HTTP resources (by URL) when you want to, with a user interface a la NoScript. To do this, you have to enable the option "Always try HTTPS instead of blocking". It also cascades to all http:// linked resources on the page! Great job, exactly what I was looking for, I'm very happy.
After trying every other similar Add-On I could find, I thought HTTP Nowhere would solve the problem.
It's simple. I want ALL pages to be HTTPS. Except I also want to be able to add exception pages. Easy right? It's just, while HTTP Nowhere can do this, it won't check if HTTP pages has HTTPS version available before blocking them, although the option is enabled.
In conclusion.. I go to Google, click a stackoverflow.com result aaaand.. nothing. Because Stackoverflow is indexed by HTTP, so while HTTPS is available, it doesn't redirect.
If only all the other Add-Ons that does ONLY that (redirect HTTP to HTTPS, no exceptions available) could work together, but every other Add-On I tried never come into play because the HTTP request is blocked first.
Works as advertised with FireFox 40.0.2
This is a great add-on with lots of features. The only problem I sometimes have is that OCSP servers get blocked so I have to create an exception for them. I just installed it on FF 36 without any problems.
'HTTP Nowhere' was on the scrimage-line for their EFF.org quarterback: 'HTTPS Everywhere'.
As of Firefox 35, This add-on no longer installs.
I was trying to find a replacement for 'Http useragent cleaner" meaning all http connection gets automatically redirected to https and this addon works fine, the only issue, it does not have a temporary and more simple way(one click) to allow http connection
Unfortunately when you want it to switch to https and a site cannot do that the site become untrusted and you have to go through the whole process of creating an exception in FF. The preferences are rudimentary and you CANNOT just simply tell the add to TRY to push HTTPS and, failing that, just load HTTP. This is what HTTPS EVERYWHERE used to do. What happened to it? Unfortunately this ADD-ON is no replacement for it. I don't recommend this add on.
I think you're right that the preferences could be improved. However, I won't be implementing an option to try HTTPS first, then automatically fall back to HTTP, as that is not a secure practice and I would rather not encourage it. Thanks for the feedback.
Useful add-on, much more useful than HTTPS Everywhere!
Thank you for making Free Software!
Very useful add-on! Thank you!
Does what it says.
To Chris: Is HTTP Nowhere slowing things down and if so, can it be improved?
Apologies, it was an other plugin slowing things down!
Great idea to push sites to adopt HTTPS.
In this day and age with governments and ISP's spying on us the users, HTTPS should be a minimum requirement.
But many sites still don't offer it, specially news sites or older sites.
I suggest adding a button to this extension to allow users to shoot an e-mail to any site that still doesn't have HTTPS available so as to wake the sleepy webmaster up to the new reality of the internet.
Until then a 4 star! Thanks developers!
any new update?
useful add-on, that works
NEEDS! HTTPS! EVERYWHERE! Half the sites Nowhere prevents will work when Everywhere is also on.
Yes, A one-click on/off function, please. :)
Does what it says on the box. Needs one-click on/off function. Otherwise good.
https://www.eff.org/https-everywhere/development where it can still be found for Firefox and used. THIS link is to one of the best extensions on the Web in my opinion... Which stops here... good day.
Very happy with this extension with one exception. It would be nice if it either only applied to http, deynying http and allowing https or if it applied to http and ftp allowing https and ftps. Currently it blocks most ftp urls but has allowed some through.
I love this one! Used for a week now with no problems, and it does a good job at stopping insecure traffic when I turn it on. It even caught a few http connections that were being made by my other extensions that I didn't know about before. I would want to see an option in the future to try https urls with the same path when http urls would be blocked if possible.
Great idea. Wish I'd thought of it.
I went to one Yahoo website and HTTP Nowhere blocked about over 50 URLs. That would be okay if they were all Yahoo domain but they are not. If I white listed the Yahoo domain I could access it but because of all the connecting URLs on the webpage that are not Yahoo the page was unreadable. Yes there is a blocked list but who has the time to go through and white list hundreds of domains/URLs just to be able to read what is on the webpage.If you have a good AV software to protect against phishing, use a Firefox Add-on or two to block trackers I don't see the need to limit access to only HTTPS urls if you are not entering data but only reading and clicking and reading and clicking and so on. In almost all of these websites I never even login.My suggestion would be to modify HTTP nowhere to recognize when a person tries to login into a website. HTTP Nowhere would be disabled by default and only begin blocking when a person attempts to login to or enter data on a website or enter any data on a webpage without having to login. When a login is attempted or a person attempts to enter data on a website/web page then HTTP Nowhere would check to see if any of the URLs on the website domain are not HTTPS. If they are some associated with that website then the would be prevented from entering any data unless the white listed the domain and related URLs are now blocked. However they could still surf that website. Blocked URLs associated with that website should be clearly identified. The user then should have the option to white list the domain and white list some additional connected URLs that were blocked on that web page as now exists or to white list all with one click.There are just too many insecure websites with too many connected URLs that people visit but never enter data on to make HTTP Nowhere useable as currently designed.
Thanks for the feedback. The main purpose of this extension is to block access to *all* HTTPS urls while enabled. You can add a limited set of URLs to the whitelist, but if you find yourself trying to add a lot of them, you might want to reflect on why you're using the extension at all. If you're just looking for a way to use HTTPS seamlessly, when available, you might find HTTPS Everywhere to be a better fit for you. HTTP Nowhere is designed for people who want to occasionally put their browsers into a strict "Encrypted Only" mode, for enhanced security. Regarding your question about the need to limit access to HTTPS when you're not entering data, it all boils down to your threat model. Plain HTTP communication leaks a lot more information than HTTPS. Neither is perfect, but HTTPS is a better option when available.