ForceTLS is an adaptation of the ForceHTTPS protocol by Collin Jackson and Adam Barth. It lets a site use a simple HTTP header to force future connections to it to be made over HTTPS automatically. Here's how it works:
1. A site x.com served via HTTPS provides a X-Force-TLS (or Strict-Transport-Security) HTTP header in its response. The header contains a max-age value (how long to remember the forced TLS) and optionally an includeSubDomains flag.
2. The browser receives this header and adds it to a Force TLS database.
3. In the future, any request to x.com that is attempted through HTTP is modified to use HTTPS before the request hits the network.
4. If any subdomains *.x.com are requested via HTTP and the includeSubDomains flag was set, they are also forced to be HTTPS.
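The four steps above as a small model, added here as an illustration and not the add-on's own code. The class and method names are hypothetical, headers are passed as an object with lowercase keys, and ignoring a header received over plain HTTP is an assumption based on step 1.

```javascript
// Added illustration: a minimal model of the Force TLS database (not the add-on's code).
// ForceTlsStore, noteResponse and upgrade are hypothetical names.
class ForceTlsStore {
  constructor() {
    this.entries = new Map(); // host -> { expires (ms), includeSubDomains }
  }

  // Steps 1-2: remember the header. Assumption: only honoured on HTTPS responses.
  noteResponse(url, headers, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol !== 'https:') return false;
    const value = headers['strict-transport-security'] || headers['x-force-tls'];
    if (!value) return false;
    let maxAge = null;
    let includeSubDomains = false;
    for (const part of value.split(';')) {
      const [name, raw = ''] = part.split('=').map((s) => s.trim());
      if (/^max-age$/i.test(name) && /^\d+$/.test(raw)) maxAge = Number(raw);
      else if (/^includeSubDomains$/i.test(name)) includeSubDomains = true;
    }
    if (maxAge === null) return false; // no usable max-age: nothing to remember
    this.entries.set(u.hostname, { expires: now + maxAge * 1000, includeSubDomains });
    return true;
  }

  // Steps 3-4: rewrite an http:// URL before the request goes out.
  upgrade(url, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol !== 'http:') return url;
    const labels = u.hostname.split('.');
    for (let i = 0; i < labels.length; i++) {
      const entry = this.entries.get(labels.slice(i).join('.'));
      // i === 0 is the exact host; parent domains count only with includeSubDomains.
      if (entry && entry.expires > now && (i === 0 || entry.includeSubDomains)) {
        u.protocol = 'https:';
        return u.href;
      }
    }
    return url;
  }
}

// Constructed sample: x.com sets the header at time 0 with a one-hour lifetime.
const demo = new ForceTlsStore();
demo.noteResponse('https://x.com/', { 'strict-transport-security': 'max-age=3600; includeSubDomains' }, 0);
console.log(demo.upgrade('http://mail.x.com/inbox', 1000));
```

Matching is done on whole DNS labels, so an entry for x.com never upgrades a lookalike host such as notx.com, and an expired entry stops upgrading once max-age has elapsed.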
Use this add-on to extend Firefox so that it will listen to X-Force-TLS suggestions from web servers. This add-on will enforce secure connections for sites that use the X-Force-TLS header as well as the Strict-Transport-Security header.