ForceHTTPS

What is ForceHTTPS?

The ForceHTTPS browser extension enhances the security of HTTPS web browsing by implementing a more rigorous error-processing mechanism. As wireless connectivity becomes ubiquitous and web browsers operate in an increasingly complex network landscape, the HTTPS protocol offers valuable protection against network-based attacks. However, real-world HTTPS deployments often face challenges such as misconfigured servers, leading to imperfect website experiences and inadvertent user compromises of browsing sessions. ForceHTTPS addresses these limitations by providing a simple opt-in security mechanism for websites or users to enforce stricter error handling, thereby mitigating the risks posed by lax error processing in standard browser implementations. The extension leverages a database of custom URL rewrite rules to transparently retrofit security onto certain insecure sites that support HTTPS, empowering sophisticated users to improve the overall security of their web browsing experience. The ForceHTTPS prototype is available as a Firefox browser extension, making it accessible to a wide range of users

Highlights

• Rigorous error-processing mechanism to enhance HTTPS security
• Opt-in security feature for websites and users
• Transparent retrofitting of security onto insecure HTTPS-enabled sites
• Database of custom URL rewrite rules for sophisticated users
• Available as a Firefox browser extension