You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: readme.md
+8-4Lines changed: 8 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,11 +1,13 @@
1
+
[![][AMO_button]][AMO]
2
+
1
3
There are numerous similar extensions out there, but HTTPZ is different because it is not smart: it is Zmart. The following summarizes how it works with the default settings:
2
-
- When you are about to navigate to a site over HTTP, that request is aborted and a new one is started over HTTPS. If that new request results in an error, it is automatically redirected back to HTTP. If navigating to the site over HTTP throws an error too, HTTPZ does nothing more then. Otherwise, the host is added to the ignore list, and all subsequent requests to it are ignored by the extension for seven days.
3
-
- When you navigate to a site over HTTPS by yourself, or because of some external factor (like HSTS preloading), HTTPZ ignores that request, regardless of the outcome.
4
-
- When you navigate to a site over HTTPS and *the server* downgrades the request to HTTP, the extension notices this and automatically adds that site to the ignore list.
4
+
- When you are about to navigate to a site over HTTP, that request is aborted and a new one is started over HTTPS. If that new request results in an error, it is automatically redirected back to HTTP. If navigating to the site over HTTP throws an error too, HTTPZ does nothing more then. Otherwise, that host is added to the list of known insecure sites, and all subsequent requests to it are ignored by the extension for seven days.
5
+
- When you navigate to a site over HTTPS by yourself, or because of some external factor (like HSTS preloading), HTTPZ does not do anything to that request, regardless of the outcome.
6
+
- When you navigate to a site over HTTPS and *the server* downgrades the request to HTTP, the extension notices this and allows it. It automatically adds that site to the list of known insecure sites, and does not try to load that site over HTTPS for the next 7 days.
5
7
6
8
HTTPZ is meant to be unobtrusive and lightweight, it respects your privacy, and is free of trans fats. Additionally, it is very configurable, and should be slightly more secure than some of the alternatives out there, since it has a couple of built-in defenses against SSL-stripping attacks.
7
9
8
-
It also gets along well with extensions for managing contextual identities (containers), such as [Containerise][Cont] and [Temporary Containers][TC].
10
+
It also gets along well with extensions that I recommend for managing contextual identities (containers), such as [Containerise][Cont] and [Temporary Containers][TC].
9
11
10
12
Interested in more recommendations? Head over to the [ghacks-user.js][user.js] GitHub repository. It is an amazing project for hardening Firefox that I have contributed to, and a great source of information (including extension recommendations).
11
13
@@ -18,6 +20,8 @@ Acknowledgments
18
20
---------------
19
21
HTTPZ would not be what it is if not for [its testers' feedback on GitHub][issues].
0 commit comments