why does FF insist on using https when the address is http? Please unblock http://rebirthofreason.com
Dear All,
Why does FF insist on using https when the address is http? Please unblock http://rebirthofreason.com The site shows up just fine on Chrome, why not FF?
Thanks for your time!
All Replies (2)
Security concern Only. Every modern well-designed sites should redirect automatically HTTP traffic to HTTPS. HTTP is in clear, traffic accessible to every TAPer's. HTTPS is clearly more secure since: - the site is authenticated (you know you are _really_ contacting the site you want to contact). - connection are encrypted (Ok: more or less efficiently, but still...)
And this site asks for a user ID and password, in order to log in, using credentials which are supposed to be sent in clear across the wire !!!
FF is right: don't connect !
More generally, Firefox may change the address from HTTP to HTTPS if
- Cached redirect: Firefox cached a redirect from the server in the past -- you can test in a private window to bypass the cache from previous sessions, or clear Firefox's web cache (How to clear the Firefox cache)
- Pre-loaded HSTS: The server name is on a list of servers that Firefox should only connect to using HTTPS -- doesn't seem to be
- Cached HSTS: In the past while Firefox had an HTTPS connection to the server, it was instructed to always use HTTPS in the future (can be caused by alternate subdomains on the server) -- unlikely unless you are an administrator of the site
- Firefox's HTTPS Only mode: You turned on this new feature -- more info: HTTPS-Only Mode in Firefox
- Extensions: You run the HTTPS Everywhere extension or similar extensions that upgrade your connection when possible