This extension is defunct as of Pale Moon 28.0. The Upgrade Insecure Requests header is now built-in.
I have a question
Aug 12 2018, 1:51 PM
Can you also please compare this to Enforce Encryption by Wladimir Palant?
Would these two be redundant or complementary?
RealityRipple
Aug 12 2018, 3:10 PM
Huh... it looks like they fake-add the Strict-Transport-Security header <https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security> to every page you tell it to apply to, effectively making the browser do all the work in attempting to access a secure page. That's a clever way to accomplish it... UIR Header tells the website to give the browser the HTTPS version. Enforce Encryption tells the browser to try to load the HTTPS version, as though it came from the website. The Upgrade-Insecure-Requests header wouldn't really come into play at all. I mean, it could, but it probably wouldn't. It would be a website-by-website thing whether or not they're redundant. They shouldn't interfere with each other, at least.
Lew Rockwell Fan
Mar 20 2018, 2:17 PM
How does this differ from Encrypted Web (which still works fine even if it doesn't have a maintainer)
RealityRipple
Mar 20 2018, 2:27 PM
Encrypted Web (or HTTPS Everywhere) uses a list of rules to determine if a website supports HTTPS and redirects your browser to the secure version of the page, if it exists. UIR Header tells the website you're visiting that you want the secure version and lets the site you're visiting choose how to respond.
Alexander
Mar 14 2018, 11:14 AM
Could you give an example where it could be useful?
Why proza.ru is not automatically switched to HTTPS even though it is possible?
RealityRipple
Mar 14 2018, 12:54 PM
The website has to support the Upgrade-Insecure-Requests header. Also, how they support it is up to them. Some may only change the parts they think should be secure, or make things like images and scripts secure. It's up to each website to decide how to handle the header.
UIR Header Comments