HTTPS Everywhere Extension No Longer Needed: Browsers Add HTTPS-Only Modes

The developers at the Electronic Frontier Foundation (EFF) have announced their intention to discontinue the well-known browser extension HTTPS Everywhere. This decision comes as HTTPS is now used almost everywhere, and many popular browsers have introduced HTTPS-only modes.

To recap, HTTPS Everywhere was launched in 2010 with a simple purpose: it forced a secure HTTPS connection on all websites where it was possible. Even if a user tried to access an unsecured version of a site, the extension would redirect them to the HTTPS version if available. Over the years, the extension gained a cult following among privacy advocates and was integrated into the Tor Browser, as well as many other privacy-focused browsers.

EFF’s Technology Director Alexis Hancock explained that starting at the end of this year and into 2022, the extension will enter “maintenance mode.” This means it will only receive minor bug fixes, with no new features or further development. The final end-of-life date for HTTPS Everywhere, after which updates will stop completely, has not yet been determined.

The developers made this decision because currently about 86.6% of all websites on the internet already support HTTPS connections. Browser makers, including Chrome and Mozilla, have previously reported that HTTPS traffic accounts for 90% to 95% of all connections.

Furthermore, in 2020, several major browser vendors added HTTPS-only modes to their products. In these modes, the browser automatically tries to switch from HTTP to HTTPS, or displays an error message if a secure connection isn’t possible. Essentially, HTTPS-only modes—now available in Mozilla Firefox, Google Chrome, Microsoft Edge, and Apple Safari—do the same thing that HTTPS Everywhere has been doing for over a decade.

According to a report published by Mozilla in March 2021, Firefox only had to switch from HTTP to HTTPS in 3.5% of cases, while 92.8% of web pages loaded using HTTPS connections right away.