Home > IT, Security, Tools > NoScript Force SSL

NoScript Force SSL

October 20th, 2008 Leave a comment Go to comments

I've always commented that I'm not a big fan of NoScript... I find browsing "modern" websites to be almost impossible with the plugin installed. For this reason, I don't know how popular it is with "the masses". That being said, I use it because a hindrance is better than a gaping security hole.

However, I've now found what I feel to be the best feature in NoScript. The ability to force HTTPS. Sites like Linkedin have always had issues with provided adequate HTTPS support. There are other sites that are HTTPS only, yet don't redirect HTTP to HTTPS. I've always found these issues to be frustrating. NoScript has solved these problems.

I've inserted a number of common websites I visit into the force HTTPS dialog and now, even if they have flakey HTTPS support that pushes you to HTTP on every request, I'm always using HTTPS. If I type in a address manually to a site that's configured only for HTTPS, NoScript forces the connection over to HTTPS and I no longer curse and go to the address bar to add the 's'.

This is an amazing feature and has greatly increased the value of NoScript in my eyes. Given that this isn't the core focus of the plugin, it's probably the single greatest addition that could have occured.

Update

Marcin just pointed out that LinkedIn public profiles don't exist over HTTPS (treguly (http) works, treguly (https) doesn't)

To resolve this, simply add www.linkedin.com/in/ to the "never force https connections" portion of NoScript.

Categories: IT, Security, Tools Tags: , ,
  1. January 19th, 2009 at 14:20 | #1

    thanks for the heads up, that is a great feature… i wonder how well it fares against middler…

  2. January 19th, 2009 at 14:20 | #2

    Ahh.. the middler… I got to spend quite a bit of time speaking with Jay at SecTor and I'm still eagerly awaiting the release of Middler both from a user and developer standpoint.

  1. October 20th, 2008 at 16:16 | #1