资 源 简 介
Force-TLS allows web sites to tell Firefox that they should be served via HTTPS in the future; this helps secure you from accidentally negotiating an insecure session with certain sites. Force-TLS is also compatible with Strict Transport Security.
The Force-TLS protocol is an adaptation of the ForceHTTPS protocol by Collin Jackson and Adam Barth, which supports a simple HTTP header in forcing automatic connections to HTTPS connections in the future. Here"s how it works:
A site x.com served via HTTPS provides a Strict-Transport-Security HTTP header in its response. The header contains a max-age value (how long to remember the forced TLS) and optionally an includeSubDomains flag.
The browser recieves this header and adds it to a Force TLS database.
In the future, any requests to x.com are modified to be via HTTPS if they are attempte