SSL connections which you can identify by the HTTPS protocol in the address bar of the web browser provide additional security in comparison to the HTTP protocol. This is why many companies use SSL on security sensitive pages of their website which usually involve financial transactions or personal information. To put it bluntly: A bank not using SSL on their website cannot be trusted. HTTPS connections are encrypted which means the traffic is being protected from local network sniffers. There are however still attack points like keyloggers or viruses on the user’s system.
There is one additional problem concerning websites that do offer HTTPS connections on most of their network but not everywhere. Mouser over at Donation Coder mentioned a hidden setting in the NoScript (check my Firefox security profile for additional information) add-on of the Firefox web browser allowing to force HTTPS connections for listed websites. This is helpful in a few cases. Some websites offer both HTTP and HTTPS connections to their servers. Another possibility are websites that make use of HTTPS connections but not on all pages.
Users with the excellent No Script add-on installed can configure sites to always use a secure https connection when they are visited. This option can be accessed by right-clicking the NoScript icon in the Firefox status bar, selecting Options from the context menu, clicking on the Advanced tab in the configuration and there on the HTTPS tab.
New websites or pages that should be forced to use secure HTTPS connections can be added to NoScript in there. The use of wildcards is possible. Users should however note that this will not work on all websites. It will obviously not work on websites that do not offer HTTPS. There are also sites that automatically redirect HTTPS requests to HTTP. Google.com is a prime example of this. If you add google.com to the list you will notice a never ending loop when opening that website because of NoScript trying to force HTTPS and Google redirecting to HTTP.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
How To Force HTTPS ConnectionsHTTPS Everywhere Encrypts Connections, If Possible
Force Google HTTPS Search
HTTPS Everywhere 1.0 For Firefox Released
Block NoScript From Opening Homepage After Update
Awesome tip Martin – I never even knew that setting was in there! I once tried writing an extension to do the same thing and I could never seem to get it to work. This is perfect.