Hello:
If I understand correctly, enabling the HSTS protocol in the Security options makes Pale Moon use HTTPS.
So, is HTTPS Always needed any more with this option checked?
But enabling HSTS might come with some privacy concerns according to an old post (viewtopic.php?t=9999#p68698).
With this in mind, is there any advantage to disabling the HSTS protocol while at the same time using HTTPS Always?
Or is this issue moot altogether given that the majority of mainstream websites use https by default?
Is HTTPS Always needed any more?
Moderators: FranklinDM, Lootyhoof
-
ltcomdata
- Moon lover
- Posts: 79
- Joined: 2015-06-28, 03:49
- Location: WI
-
Moonchild
- Pale Moon guru
- Posts: 38481
- Joined: 2011-08-28, 17:27
- Location: Sweden
Re: Is HTTPS Always needed any more?
A lot has changed in the past 10 years.
HSTS is pretty much standard. you can still disable it if you want for the privacy reasons indicated.
HTTPS everywhere/HTTPS always doesn't have much use any more. The extension was primarily to deal with the transition period on the web, and if a site currently uses http and not https, it is usually for a reason.
Note that the extension and HSTS perform 2 slightly different functions.
HSTS is pretty much standard. you can still disable it if you want for the privacy reasons indicated.
HTTPS everywhere/HTTPS always doesn't have much use any more. The extension was primarily to deal with the transition period on the web, and if a site currently uses http and not https, it is usually for a reason.
Note that the extension and HSTS perform 2 slightly different functions.
"There is no point in arguing with an idiot, because then you're both idiots." - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
RealityRipple
- Keeps coming back
- Posts: 908
- Joined: 2018-05-17, 02:34
- Location: Los Berros Canyon, California
Re: Is HTTPS Always needed any more?
The "Enable Upgrade Insecure Requests" checkbox is probably the saner option than the extension: it lets the site you're visiting know you want to be redirected to its secure version.
-
frostknight
- Keeps coming back
- Posts: 766
- Joined: 2022-08-10, 02:25
Re: Is HTTPS Always needed any more?
Some sites for me such as archive.org, don't automatically go to https. This being said, I use https always for those specific sites.RealityRipple wrote: ↑2025-10-31, 18:25The "Enable Upgrade Insecure Requests" checkbox is probably the saner option than the extension: it lets the site you're visiting know you want to be redirected to its secure version.
Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Say NO to Fascism and Corporatism as much as possible!
Also, Peace Be With us All!
If you wish to be humbled, try to exalt yourself long term If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Say NO to Fascism and Corporatism as much as possible!
Also, Peace Be With us All!