ForceTLS is an adaptation of the ForceHTTPS protocol by Collin Jackson and Adam Barth, which supports a simple HTTP header in forcing automatic connections to HTTPS connections in the future. This helps prevent cookie theft and other man-in-the-middle attacks when you're using an insecure network. Here's how it works:
The UI provided by version 2.0 and newer contains an "add new" feature that makes adding sites manually really simple. Just choose the "ForceTLS Configuration" option from the "Tools" menu, and fill out the dialog (Screenshot). You can use this configuration screen to remove the "forced" state of sites too.
Additionally, if you're on a site and want to quickly add a manual entry for it, open the "Page Info" dialog (ctrl-i), and pick the permissions tab. There's an entry for forcing the site at the bottom (Screenshot).
Go get it from addons.mozilla.org
Get the STS-UI add-on for Firefox 4.0beta (no longer maintained)
Or you can download it from here (but not over an HTTPS channel):
Version 3.0.2 (latest) -- MD5 digest: 9192fea24c9fa40a2ed0cb7ed6c948d9-
Version 2.0 -- MD5 digest: a456fadc144efc00580765b3d6a596bf-
Strict-Transport-Security = "Strict-Transport-Security" ":" "max-age" "=" delta-seconds [ ";" "includeSubDomains" ]When this header is present in a HTTPS response, Force-TLS will be enforced for delta-seconds and if includeSubDomains is present, all subdomains of the site served with the header will also be forced to use HTTPS.