Mozilla has taken another step towards protecting users from common cyber scams. With the latest Firefox 91, Mozilla has introduced HTTPS by default functionality in private browsing. However, ‘http’ sites will still load if ‘https’ is absent.
HTTPS by Default In Firefox 91 Private Browsing
According to a recent post, the “HTTPS by default” feature will work in private browsing mode with Mozilla Firefox 91.
As elaborated, when a user types a website URL in the address bar during private browsing, the browser will first attempt to fetch the ‘https’ result. However, if that isn’t available, then it will load the accessible ‘http’ site.
The same will also happen when the user attempts to visit a website via search engine results.
Nonetheless, Mozilla explained that this feature would predominantly work on site level, not on in-page components.
Note that this new HTTPS by Default policy in Firefox Private Browsing Windows is not directly applied to the loading of in-page components like images, styles, or scripts in the website you are visiting; it only ensures that the page itself is loaded securely if possible. However, loading a page over HTTPS will, in the majority of cases, also cause those in-page components to load over HTTPS.
Another Step Towards Mandatory “HTTPS” For Sites
The recent move isn’t the first from Mozilla. Previously, the service launched “HTTPS-only” in late 2020 for regular browsing. Later, Google Chrome and Microsoft Edge also announced similar moves earlier this year.
However, Mozilla takes the lead once again by rolling out this feature as the default setting.
Applying HTTPS is something that the cybersecurity community has long advocated. But, despite several measures and constant urge on HTTPS, many websites still lack the SSL certificate. This even includes the sites from various businesses.
Consequently, the lack of HTTPS remains the biggest reason for most cyberattacks on websites and data breaches. Nonetheless, the increasing emphasis on HTTPS and crackdown against HTTP by web browsers may help in the thorough implementation of HTTPS by all websites.