That comes from the site it's not something the Browser can change if the site requires https then it will have to be https. Certificates only come from the site mozilla can't provide that. If there is a issue with the site then you have to contact their webmaster.

This is a site running on local IIS server, the config does not require https as shown by the fact that I can browse http on Edge.

Sounds like it could be software security related? What addons do you have loaded in FF?

Only security software running is Windows Defender

FF Addons: Font Finder Katalon Recorder React Developer Tools TMetric – Time Tracker & Productivity App Trello Card ID

Just an update to this, I changed the binding name in IIS and updated the entry in the hosts file and am no longer getting sent to https. Definitely Firefox is making assumptions about that other domain. Not sure if it matters but I did update binding to be .com and not .dev (so I can test in chrome).

hi, please see https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/ https://medium.engineering/use-a-dev-domain-not-anymore-9521977...

Thanks philpp. I've known chrome has done this for a while, a couple of us at the office moved to firefox for this reason. I'm surprised information on firefox forcing this is so sparse, looks like that first article was updated the same day I posted.

If there was actually a good reason for doing this, I'd not be super pissed off right now. There should at least be some way to disable this. It reminds me of how people say not to use target="_blank", but for some reason hijacking my local dev is OK? Straight BS.

Of related use (which actually solved my problem):

The webserver may have "Strict-Transport-Security" switched on, which causes Firefox to immediately switch https.

"Stop firefox from forcing https:// even with autofill false"

https://support.mozilla.org/en-US/questions/1027355