Firefox 91 has HTTPS enabled by default in private browsing mode

The Firefox 91 browser, released on August 10, includes HTTPS by default in private browsing mode.

If a user enters a URL with HTTP in the Firefox address bar or follows an HTTP link on a web page, the browser first tries to establish an HTTPS connection to the specified site (implementing the HTTPS-First approach).

This is another major step for Mozilla in improving Firefox's handling of unsecured connections.

The announcement also noted that the new HTTPS policy used in private browsing does not apply to elements within the page, such as images, styles or scripts. The browser simply ensures that the page is loaded securely, if possible. If not, then the browser falls back to the HTTP version of the page.

At the moment, the HTTPS-First approach only extends to private browsing mode. According to security experts, Mozilla should also take this experience into the regular browser mode.

Subscribe to our updates to keep up to date with the latest news from the world of SSL!