On November 17th (US time), Mozilla released “Firefox 83”, the latest version of the Web browser “Firefox”. The Mozilla Security Blog, run by the Mozilla security team, describes the new “HTTPS-Only Mode” in “Firefox 83 introduces HTTPS-Only Mode – Mozilla Security Blog”. When you enable this mode, Firefox will block connections to websites that don’t support HTTPS, making it more secure for your users.

  • Firefox 83.0

    Firefox 83.0

HTTPS is a protocol for securely performing HTTP communication by combining SSL / TLS encryption. In communication using HTTPS, since the transmitted and received data is protected by encryption, it is possible to prevent eavesdropping and falsification of the communication contents by a third party. At the moment, most sites on the Internet support HTTPS communication, but some sites are still accessible only via HTTP, which is a factor that hinders user safety.

The new HTTPS-Only mode in Firefox 83 forces users to upgrade to HTTPS communication when they try to access it by clicking an HTTP link or entering an HTTP URL in the address bar. Try. Furthermore, if the target is a site that does not support HTTPS, it blocks communication and warns that the connection is not secure.

HTTPS-Only mode can be enabled in the “Privacy & Security” section of the settings menu. As shown in the figure below, in addition to enabling HTTPS-Only mode in all windows, it can also be enabled only in private windows.

  • Enable HTTPS-Only mode in security settings

    Enable HTTPS-Only mode in security settings

If you access an HTTP site with HTTPS-Only mode enabled, communication will be blocked and a warning will be displayed as shown below.Make sure the connection isn’t secure, and if you still want to access it, leave it as is[HTTP サイトを開く]By clicking the button, only the relevant site can be accessed by temporarily disabling HTTPS-Only mode.

  • Block HTTP connection

    Block HTTP connection

You can also temporarily cancel HTTPS-Only mode from the pop-up that appears when you click the lock mark in the address bar.

  • HTTPS-Only mode can be temporarily disabled from the key mark in the address bar

    HTTPS-Only mode can be temporarily disabled from the key mark in the address bar

HTTPS-Only mode is disabled by default in Firefox 83, but we recommend that you enable it for added security.

In Firefox 83, in addition to HTTPS-Only mode, changes such as significant performance improvement of JavaScript engine, support for pinch zoom by touch operation, support for Apple Silicon, etc. have been added.