HTTPS-Only Mode is a security feature that ensures you only connect to websites using encrypted HTTPS connections. When enabled, Oasis will ask for your permission before connecting to any website using insecure HTTP connections.
What is HTTPS-Only Mode?
HTTPS-Only Mode is a browser security feature that enforces secure, encrypted connections to websites. It prevents accidental connections to insecure HTTP sites and ensures your data is protected during transmission.
How It Works
- Automatically upgrades HTTP to HTTPS
- Blocks insecure connections by default
- Prompts for permission before HTTP access
- Maintains security across all websites
- Protects against man-in-the-middle attacks
Security Benefits
- Encrypts all web traffic
- Prevents data interception
- Protects login credentials
- Secures form submissions
- Prevents session hijacking
Understanding HTTP vs HTTPS
Understanding the difference between HTTP and HTTPS is crucial for online security:
HTTP (Insecure)
HTTP connections transmit data in plain text, making it vulnerable to interception by hackers, network administrators, or anyone monitoring the network traffic.
HTTPS (Secure)
HTTPS connections encrypt all data using SSL/TLS protocols, ensuring that information is protected from interception and tampering during transmission.
HTTPS-Only Mode
HTTPS-Only Mode automatically attempts to use HTTPS for all connections and asks for permission before allowing any HTTP connections.
Enabling HTTPS-Only Mode
Follow these steps to enable and configure HTTPS-Only Mode:
Access Security Settings
Open Oasis settings and navigate to Privacy & Security. Look for "HTTPS-Only Mode" or "Security" settings to access the feature.
Enable HTTPS-Only Mode
Find the option to "Enable HTTPS-Only Mode" and check the box to activate this security feature. You can choose between different enforcement levels.
Configure Settings
Choose your preferred enforcement level: Standard (recommended), Strict (maximum security), or Custom (selective enforcement).
Test the Configuration
Visit websites to ensure HTTPS-Only Mode is working correctly and that you're being prompted appropriately for HTTP connections.
HTTPS-Only Mode Levels
Standard Mode (Recommended)
- Automatically upgrades HTTP to HTTPS when possible
- Prompts for permission before HTTP connections
- Balances security with usability
- Works for most websites and users
- Provides good protection without being overly restrictive
Strict Mode (Maximum Security)
- Blocks all HTTP connections by default
- Requires explicit permission for each HTTP site
- Maximum security protection
- May break some websites that don't support HTTPS
- Best for high-security environments
Custom Mode (Selective)
- Allows you to configure specific rules
- Set exceptions for trusted sites
- Customize enforcement per domain
- Advanced user control
- Requires more configuration
How HTTPS-Only Mode Works
Connection Attempt
When you try to visit a website, Oasis first attempts to connect using HTTPS, even if you typed HTTP in the address bar.
HTTPS Upgrade
If the website supports HTTPS, Oasis automatically upgrades the connection and loads the secure version of the site.
Permission Prompt
If the website doesn't support HTTPS, Oasis shows a warning and asks for your permission before connecting via HTTP.
Managing HTTP Permissions
When You See Prompts
- Website doesn't support HTTPS
- HTTPS connection fails
- Certificate errors occur
- Mixed content issues
- Legacy system requirements
Making Decisions
- Consider the website's purpose
- Evaluate the sensitivity of data
- Check if HTTPS is available
- Use alternative secure sites
- Report sites that need HTTPS
Security Benefits
Data Protection
- Encrypts all transmitted data
- Protects login credentials
- Secures form submissions
- Prevents data interception
- Protects against eavesdropping
Privacy Enhancement
- Hides browsing activity
- Protects against tracking
- Maintains session privacy
- Prevents traffic analysis
- Enhances overall privacy
Attack Prevention
- Prevents man-in-the-middle attacks
- Blocks session hijacking
- Protects against data tampering
- Prevents credential theft
- Secures against network attacks
Common Scenarios
Secure Websites
- Most modern websites support HTTPS
- Automatic upgrade works seamlessly
- No user intervention required
- Enhanced security automatically
- Better user experience
Legacy Websites
- Some older sites may not support HTTPS
- You'll be prompted for permission
- Consider security implications
- Look for HTTPS alternatives
- Report sites that need updates
Mixed Content
- HTTPS pages with HTTP resources
- May trigger security warnings
- Some content may be blocked
- Affects page functionality
- Website needs to be updated
Best Practices
Security Recommendations
- Always enable HTTPS-Only Mode
- Use Standard or Strict mode
- Be cautious with HTTP permissions
- Regularly review HTTP exceptions
- Keep browser updated
User Guidelines
- Only allow HTTP for trusted sites
- Avoid entering sensitive data on HTTP sites
- Look for HTTPS alternatives
- Report sites that need HTTPS
- Use secure alternatives when possible
Troubleshooting
Common Issues
- Websites not loading properly
- HTTPS upgrade failures
- Certificate errors
- Mixed content warnings
- Permission prompts too frequent
Solutions
- Check website HTTPS support
- Clear browser cache and cookies
- Update browser to latest version
- Configure site exceptions
- Contact website administrators
Advanced Configuration
Custom Settings
- Configure site-specific rules
- Set up exception lists
- Customize warning messages
- Configure automatic upgrades
- Set up enterprise policies
Enterprise Features
- Group policy integration
- Centralized configuration
- Compliance reporting
- Security monitoring
- Automated deployment
What to Expect
When using HTTPS-Only Mode, you may experience:
Security Benefits
- Enhanced data protection
- Improved privacy
- Reduced attack surface
- Better security posture
- Peace of mind
User Experience
- Occasional permission prompts
- Some sites may not work
- Automatic HTTPS upgrades
- Enhanced security warnings
- Better overall security
Technical Details
HTTPS-Only Mode uses advanced security technologies to enforce encrypted connections:
How HTTPS-Only Mode Works
- Automatic Upgrade: Attempts to connect via HTTPS even when HTTP is specified
- Protocol Enforcement: Blocks insecure connections by default
- Permission Management: Requires explicit user consent for HTTP connections
- Certificate Validation: Verifies SSL/TLS certificates for authenticity
- Mixed Content Protection: Blocks insecure resources on secure pages
Since Oasis is built on Firefox core technology, HTTPS-Only Mode provides the same robust security enforcement with enhanced protection against insecure connections.
Need Help with Oasis Browser?
Join our Discord community to get support, ask questions, and connect with other Oasis users and the Kahana team.
Related Documentation
Connection Upgrades
Learn how Oasis automatically upgrades connections to more secure protocols, enhancing your browsing security and protecting your data during transmission.
Deceptive Content and Dangerous Software Protection
Learn how Oasis protects you from phishing attacks, malware, and other deceptive content that could harm your device or compromise your security.
Password Manager - Alerts for breached websites
Learn how to receive alerts about passwords for breached websites and protect your accounts from security threats.
About the Author
I'm the CTO of Kahana, bringing a unique perspective from my management consulting experience at Clarkston Consulting and biomedical engineering background from Duke University. I'm focused on making the future of work more ergonomic through innovative technology solutions that prioritize user well-being and productivity.