Mozilla has announced the public release of its Firefox 91 browser, which features HTTPS by default in private browsing, along with an enhanced version of its Total Cookie Protection for individual websites.
Firefox HTTPS by Default
A Firefox 91 Private Browsing Window will favor secure connections to the web by default. For every website you visit, Firefox will automatically establish a secure, encrypted connection over HTTPS whenever possible.
Whenever you enter an insecure (HTTP) URL in Firefox’s address bar, or you click on an insecure link on a web page, Firefox will now first try to establish a secure, encrypted HTTPS connection to the website. In the cases where the website does not support HTTPS, Firefox will automatically fall back and establish a connection using the legacy HTTP protocol instead.
As noted by Mozilla, the new HTTPS by Default policy in Firefox Private Browsing Windows is not directly applied to the loading of in-page components like images, styles, or scripts in the website you are visiting; it only ensures that the page itself is loaded securely if possible. However, loading a page over HTTPS will, in the majority of cases, also cause those in-page components to load over HTTPS.
Mozilla says it expects to expand HTTPS by Default beyond Private Windows in the coming months.
Firefox 91 Total Cookie Protection
When browsing on the web, websites will often leave cookies on your system, allowing the site to remember you and your preferences.
While many of these cookies are beneficial, as they allow websites to save your personal information, including your login information, allowing you to avoid logging in every time you visit the site. However, cookies can also be a privacy risk, due to the information they hold about you.
Total Cookie Protection protects against this, by making sure websites can’t track users across websites by partitioning data storage into one cookie jar per website.
With Enhanced Cookie Clearing, if you clear site data for comfypants.com, the entire cookie jar is emptied, including any data facebook.com set while embedded in comfypants.com.
Now, if you click on Settings -> Privacy and Security -> Cookies and Site Data -> Manage Data, Firefox no longer shows individual domains that store data. Instead, Firefox lists a cookie jar for each website you have visited. That means you can easily recognize and remove all data a website has stored on your computer, without having to worry about leftover data from third parties embedded in that website.
A new “Forget About This Site” option in the History menu deletes a site from history along with any cookies and caches for it.
Firefox 91 is now available from the Mozilla website.