How many of the websites that you visit are secure? We have all got into the habit of looking out for the padlock icon in the address bar that indicates we are visiting a secure site when making an online payment and performing other tasks online, but many of us give little thought to the matter when we are not parting with money. HTTPS Everywhere is a free extension that is available for Firefox and Chrome that can be used to ensure that you are always using a secure connection to visit sites.
You can improve your security when browsing the web by opting to visit the secure, encrypted version of a website rather than the standard one. This usually involves little more than changing the http part of the URL to read https instead, but this is something that few people could be bothered with doing on an on-going basis. HTTPS Everywhere can do the hard work for you, automatically redirecting your web browser to a secure version of a website whenever there is one available.
This is not an extension that is compatible with every web site that you may want to visit, but support is growing. It is not a magic solution that cures all privacy and security issues, but anything that helps to improve things even a little is to be welcomed, and as this is so simple and unobtrusive to use, there’s certainly so hardship involved in having it installed to see what it can do for you.
It is possible to create your own additions to the tool by creating ‘rulesets’. These are simple little XML files that can be used to automatically redirect your web browser from the regular version of a website to the secure version. Wildcards can be used to save having to write rules that are too complex and to cater for sites that make use of subdomains. Should you find that adding a ruleset causes a site to fails to function correctly, it is possible to temporarily disable it.
What's new in 2018.9.19 (see changelog for more info)?
- Ensure the 'Block all unencrypted requests' interstitial page catches more HTTPS misconfigurations
- Allow users to disable HTTPS Everywhere on specific sites
- Add additional UX controls in the options page for this
- Adding 'scope' to update channels, which defines regex limiting the URLs an update channel is allowed to operate on
- Bundled ruleset updates