HTTPS Everywhere: What is it, and can you use it today?
When you load a website, your data can either travel in plain text or through an encrypted connection—and that difference matters more than most people think. For years, an extension called HTTPS Everywhere helped close that gap by automatically upgrading thousands of websites from unencrypted (HTTP) to secure (HTTPS) versions.
It was built by the Electronic Frontier Foundation (EFF) and The Tor Project to make the web safer by default. And for a long time, it did just that—until it was discontinued in 2023, as most modern browsers began upgrading HTTP to HTTPS automatically. While the extension is no longer needed, the importance of encrypted, private browsing remains as strong as ever.
This article looks at what HTTPS Everywhere did, why it became such a key tool for online privacy, and what you can use instead to keep your data safe today.
What is HTTPS Everywhere?
HTTPS Everywhere was a browser extension designed to fix a security issue that used to be surprisingly common on the web. Even when websites supported HTTPS—the secure, encrypted version of their pages—they often didn’t use it by default. That meant people were unknowingly connecting over the plain old HTTP, where their activity could be intercepted or tampered with.
EFF and Tor built the extension to change that. It quietly ran in the background and made sure your browser used the secure version of a site whenever possible. No need to configure anything or remember to type “https” yourself—it just worked. Whether you were checking your email or reading the news, HTTPS Everywhere helped make sure your connection was encrypted.
Over time, it became a go-to privacy tool for millions of users. It was perfect for anyone who didn’t want to mess with technical settings but still wanted to browse more safely.
But it didn’t just protect users—it also helped push the web in the right direction. As more websites adopted HTTPS and browser makers built in their own security tools, HTTPS Everywhere played a key role in making secure connections the norm instead of the exception.
How HTTPS Everywhere worked
HTTPS Everywhere used a set of rules to help your browser make smarter choices. If a website had a secure version available, the extension would quietly step in and redirect you to it—no setup or action needed on your part.
These rules were created and maintained by the developers and updated regularly to cover as many websites as possible. Over time, the list grew to include thousands upon thousands of sites. That meant better protection for everything from login pages to online forms—even on sites that didn’t automatically use HTTPS.
To be clear: HTTPS Everywhere didn’t create secure connections from scratch. It could only upgrade to HTTPS if the site already supported it. But even that small step made a big difference—especially back when many websites still hadn’t made the switch to HTTPS by default.
Why HTTPS Everywhere was discontinued
HTTPS Everywhere stopped getting updates in 2022. By then, most major browsers—like Chrome, Firefox, and Edge—had already built in their own tools to force HTTPS connections. These features worked automatically and didn’t need an extension, which made HTTPS Everywhere less essential for most people.
The Electronic Frontier Foundation felt the extension had done its job. Since modern browsers were now doing the heavy lifting on their own, EFF decided it was time to retire the project. As they put it, the web had reached a “tipping point” where HTTPS was finally becoming the default instead of the exception.
If you’re still using HTTPS Everywhere, it might technically still work. But since it’s no longer being updated, the list of supported sites is frozen, and you won’t get any new fixes or improvements.
At this point, your browser’s built-in HTTPS-Only Mode (or similar setting) is the way to go. It offers the same kind of protection—and often does an even better job—all without needing to install anything extra.
Why HTTPS is important
Most of what we do online—signing in, shopping, sharing personal info—relies on some level of trust. But without encryption, that trust is mostly an illusion. HTTPS is what helps make it real.
When a site uses HTTPS, it means the connection between your browser and the website is encrypted. So if someone tries to snoop on your activity—like on public Wi-Fi—all they’ll see is scrambled data, not the actual info you’re sending or receiving.
This encryption is secured by TLS (Transport Layer Security), a behind-the-scenes protocol that uses public and private keys to keep your data safe in transit. You won’t notice it working—but it’s what prevents attackers from reading or tampering with your information.
HTTPS also helps your browser verify that the site you’re visiting is the real deal, not a fake copy trying to trick you. That’s possible thanks to digital certificates, which are issued by trusted authorities and checked by your browser in the background. If something doesn’t match up, the browser will give you a warning before loading the page.
These days, HTTPS isn’t optional—it’s expected. Modern browsers label sites without it as “Not Secure,” which can be enough to drive people away. Google even uses HTTPS as a ranking factor, so skipping it can hurt your visibility in search results. What used to be reserved for login or payment pages is now the standard for any site that wants to be trusted—and for anyone who wants to stay safe online.
Risks of non-HTTPS websites
If a site doesn’t use HTTPS, the connection between your browser and that site isn’t encrypted. That means someone on the same network—like in a coffee shop or airport—could see what you’re doing or even steal sensitive info like passwords or payment details.
It also leaves the door open for tampering. Attackers could inject fake content, redirect you to scammy pages, or even quietly load malware in the background—all without you noticing. These kinds of threats are often part of what’s known as man-in-the-middle attacks, where someone secretly intercepts or alters the data traveling between you and the website.
If a website still isn’t using HTTPS today, it’s a red flag—they haven’t taken even the most basic steps to protect their visitors.
How to check if a website uses HTTPS
Checking whether a site uses HTTPS is easy:
- Check the URL: A secure site’s address begins with https:// instead of http://. In most browsers, you'll need to click on the address bar to see the full URL clearly.
- Click the site info icon: Chrome and other browsers may no longer show a padlock, but clicking the icon (often a small arrow or info symbol) next to the URL will reveal details about the site’s security, including whether your connection is encrypted and if the certificate is valid.
If you want to go deeper, tools like SSL Server Test or SSL Shopper's SSL Checker let you see things like when a certificate expires or if there are any issues with it.
Alternatives to HTTPS Everywhere
When HTTPS Everywhere was first released, most browsers didn’t have any built-in tools to enforce secure connections. But that’s changed—today, browsers like Chrome, Firefox, Edge, Brave, and Safari all include features like HTTPS-Only Mode, which automatically try to connect you to the secure version of a website.
So, for most people, there’s no longer a need to install a separate extension. Browsers are doing the job themselves—and doing it well.
If you're not sure which browser offers the strongest privacy features, ExpressVPN’s guide to the best browsers for privacy is a helpful place to start.
HTTPS Everywhere vs. HTTPS-Only Mode
At a glance, HTTPS Everywhere and HTTPS-Only Mode sound like they do the same thing—and in most cases, they do. Both make sure your browser connects to websites using HTTPS whenever possible. But there are a few key differences:
- HTTPS Everywhere: This extension used a custom set of rules to force HTTPS connections on websites that supported it at a time when browsers didn’t handle that automatically. That made it useful for sites with unusual setups or ones that didn’t redirect properly on their own. It also let users apply stricter rules if they wanted more control.
- HTTPS-Only Mode: Built into browsers like Chrome and Firefox, this setting tries HTTPS first and blocks or warns you if the secure version isn’t available. It’s simpler, automatic, and reliable for most users.
How to turn on HTTPS-Only Mode on your desktop browser
Most modern browsers try to load the secure version of websites—but not all of them enforce it by default. That’s why it’s worth knowing how your browser handles HTTPS and how to turn on the setting that makes secure connections the default every time. It’s quick to set up, runs quietly in the background, and adds an extra layer of protection without changing how you browse.
Chrome
If you’re using Chrome version 94 or later, you can enable a built-in option called “Always use secure connections.” Here’s how:
- Open Google Chrome, and click the three-dot menu in the top-right corner.
- Select Settings.
- In the left-hand menu, click Privacy and security.
- Choose Security.
- Scroll down and toggle Always use secure connections.
Once it’s on, Chrome will automatically try to load HTTPS versions of any site you visit. If it can’t, it’ll show you a warning before continuing. It’s a simple way to reduce your exposure to unencrypted connections.
Firefox
Firefox has a built-in HTTPS-Only Mode that lets you automatically use secure connections wherever possible. Here’s how to turn it on:
- Open Firefox and click the menu button (three lines) in the top-right corner.
- Select Settings.
- In the left sidebar, click Privacy & Security.
- Scroll down to the HTTPS-Only Mode section, and choose one of the following options:
- Enable HTTPS-Only Mode in all windows
- Enable HTTPS-Only Mode in private windows only
Edge
Microsoft Edge includes a feature called Automatic HTTPS, which tries to upgrade your connections to HTTPS when possible. By default, it works on websites that are likely to support it, but you can turn on a setting to upgrade all connections automatically. Here’s how to enable it:
- Open Microsoft Edge and click the three-dot menu in the top-right corner of the browser window.
- Select Settings from the dropdown menu.
- In the Settings page, choose Privacy, search, and services from the sidebar.
- Go to the Security section.
- Look for Automatically switch to more secure connections with Automatic HTTPS and toggle it on.
Safari
Safari doesn’t have a full HTTPS-Only Mode like some other browsers, but it does include a setting that warns you before visiting a site that doesn’t use HTTPS. Here’s how to turn it on:
- Open Safari on your Mac. Click Safari in the menu bar, then choose Settings.
- Go to the Security tab and check the box labeled Warn before connecting to a website over HTTP.
Brave
Brave has HTTPS built in by default. Since version 1.50, the browser automatically tries to load the secure version of any website you visit. If that’s not possible—because the site doesn’t support HTTPS or breaks when loaded securely—Brave will quietly fall back to HTTP without notifying you, which can be a drawback if you want to know when your connection isn’t fully secure.
There’s no setting to toggle and nothing to configure. It just works in the background, giving you secure connections wherever possible—as long as the site supports it.
Opera
When the “Always use secure connections” option is enabled in the settings, Opera will try to load the HTTPS version of a website and warn you before connecting over HTTP if a secure version isn’t available.
- Open Opera and click the "O" menu in the top-left corner (or go to opera://settings in the address bar).
- In the left-hand menu, click Privacy & security.
- Go to Security.
- Find the option labeled Always use secure connections and toggle it on.
How to turn on HTTPS-Only Mode on your mobile browser
On Chrome for Android
Starting with Chrome version 94, Android users can enable the “Always use secure connections” feature, which functions similarly to HTTPS-Only Mode. Here's how to activate it:
- Open the Chrome app on your Android device, and tap the three-dot menu in the top-right corner.
- Select Settings.
- Navigate to Privacy and security.
- Scroll down and toggle on Always use secure connections.
On Safari for iOS
Safari includes a feature called “Not Secure Connection Warning,” which alerts you when you’re about to visit a site that doesn’t use HTTPS. To turn it on:
- Open the Settings app on your iPhone, scroll down, and tap on Apps.
- Click on Safari.
- Toggle on Not Secure Connection Warning.
How VPNs and HTTPS work together
HTTPS encrypts the data between your browser and a website. That means if you submit a password, send a message, or enter payment info, it’s protected from anyone trying to spy on that exchange.
A VPN takes that protection a step further. It encrypts all traffic leaving your device—not just browser activity—and routes it through a secure server. It also masks your IP address, making it harder for websites to track who you are or where you’re connecting from.
Used together, they provide layered protection: HTTPS secures the contents of the connection, while a VPN secures the connection itself and helps keep your identity private. That’s why using a VPN even on HTTPS sites still matters—especially on public Wi-Fi or shared networks, where exposure risks are higher.
Want to know more about how HTTPS compares to a VPN? This breakdown dives into how each one protects your data—and where their roles differ.
FAQ: Common questions about HTTPS Everywhere
What is HTTPS Everywhere used for?
HTTPS Everywhere was a browser extension that forced websites to use HTTPS instead of HTTP, helping your browser load secure versions of pages whenever possible. It gave your browser a gentle push toward the safer option—so your data, like passwords or messages, stayed encrypted while in transit.
Back when many websites didn’t default to HTTPS, the extension filled in the gap and quietly upgraded your connection without you having to do anything.
Is HTTPS Everywhere safe?
Yes. It was created by the Electronic Frontier Foundation (EFF) and The Tor Project—two well-known organizations that work to protect internet privacy. The extension didn’t collect much user data and was built with security in mind, helping people browse more safely without compromising their privacy.
Do I still need HTTPS Everywhere in 2025?
No, you don’t. Browsers like Chrome, Firefox, Edge, and Brave already try to load the HTTPS version of a site by default. Features like HTTPS-Only Mode or “Always use secure connections” are built in, so the extension isn’t really needed anymore.
When HTTPS Everywhere launched, it solved a real problem. But today, secure browsing is something your browser already handles for you.
Is HTTPS Everywhere still useful?
Not really. Most browsers now handle HTTPS upgrades on their own, without needing extra help. Features like HTTPS-Only Mode are built in and keep getting updated. So if you're still using the extension, it won't hurt anything, but it’s no longer doing anything your browser isn’t already taking care of.
Why is HTTPS Everywhere discontinued?
Because it outlived its purpose. As the web shifted toward secure-by-default, and browsers added their own HTTPS enforcement, EFF decided the extension had done its job. It was officially retired once HTTPS became the norm—not the exception.
What happens if a site doesn’t support HTTPS?
Your connection isn’t encrypted. That means other people on the same network—or someone spying on your internet traffic—could see what you’re doing. Most browsers now warn you if a site is insecure.
How do I turn off HTTPS Everywhere in Chrome?
If you still have HTTPS Everywhere installed in Chrome, you can remove it by opening the Chrome menu (the three dots in the top-right corner), selecting Extensions, finding HTTPS Everywhere in the list, and clicking Remove.
Once it’s gone, you can turn on Chrome’s built-in HTTPS protection by heading to Settings > Privacy and security > Security and enabling the “Always use secure connections” option.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
Get ExpressVPN
Comments
Thanks good for now
Well i got new router Just today i very like vpn gets me things that i like that have regio lock so thanks
What’s wrong with vpn server? I tried to connect vpn on my phone and laptop, but it’s not possible. Notification is that von server didn’t respond
Hi Irina, sorry you're having difficulties. Please contact our Support Team, and they will help you get it sorted.
Those products are excellent! Why are they NOT FOR ANDROID?
Hi Dyanne! You can get ExpressVPN for Android here. Or from the Google Play store!
i can not conect to vpn, i do not know why
Hi magdaleno, please contact the Support Team and they will help you get it sorted ASAP.
my VPN can't respond ..thank u
1
the web speed is too slow。。。is there any solution?
Hi ww, you likely need to change the VPN location you connect to. Have you tried connecting with Smart Location? Contact our Support Team if you need any help.
Xxx
Vpn does not work and stops working!!!!
Hi Jacob. Sorry to hear this! If you're having troubles, please contact the Support Team and they will get it sorted, pronto.
Had to replace hard drive. EVPN website is blocked. How do I download it to new drive?
Hi ED, please contact the Support Team and they will help you.
I’m very pleased to report that my vpn speeds are outstanding! I pay for 400mbps download and 10mbps upload in my internet package. I also get ExpressVPN on an annual package deal. I’m also very happy at one connection speed clocking a whopping 488mbps download and 12mbps upload at top speed on my ookla speed test app! This needless to say is very good. I was amazed at these speeds for a vpn as they tend to slow things down at the server end. Not going to vivulge my rapid speed location but it’s out there to find vpn users. ExpressVPN, how about you give me a bonus three free months for being such a loyal ExpressVPN user who always sings your praises at every website who allows me to do so? I would really appreciate the act of good customer loyalty! The email used for this post is my email to add my courtesy free months. Thank you and God Bless America and ExpressVPN!!! Reggie
Bonjour, Nouveau chez Express VPN je voudrais savoir comment je peux connecter mon second ordinateur ?
Hi Ulysse, you can install ExpressVPN on as many machines as you like! Five devices may use the VPN simultaneously. If you have any trouble setting up, please contact our Support Team who will be happy to help you out. Please note, the Support Team can currently only respond in English, but we do have a French support site which has many useful articles.
thanks
good
good
Thanks. I am starting to use VPN
In addition to the use of Express VPN, make sure that you're utilizing good Anti-Tracking and AdBlocking.
iMacPro, how do you install those kind of thing??
What happened to the server in Venezuela?
Hi William, it's currently down for maintenance.
EXPRESSVPN Is great just ibought another licence pack of 3 for all my Android devices 😊😊😊
I have just downloaded ExpressVPN but cannot get onto ITViPlayer ... please can you tell me what to do to get on to this.
Hi Sue, if you need help with anything, please contact our Support Team. They can help you get it all set up.
Will HTTPS Everywhere be made available for macOS and iOS? I sure hope so
Hi! HTTPS Everywhere is included in the Chrome extension, which works on MacOS as well. Unfortunately Chrome on iOS does not have extensions. Lexie
EFF can't be trusted!
nothing is happening....i have the vpn...i'm connected...but i can't sign into any websites.....my laptop and my android have different email accounts...one is google and one is windows...i really don't want to change my whole operating system
Hi Sandy. Sorry that you are having troubles with the setup. Please contact our Support Team. They will get it sorted in a jiffy.
Just wanted to give you a positive review. I am currently in Puerto Vallarta, Mexico. I chatted with your tech's before I installed ExpressVPN. I was concerned that it might not work in my condo, on my laptop connected via WiFi. They assured me it should work. So I did the install and to my not so tech savy self it was super easy! At the end of the install it automatically connected. Plus every time I turn on my laptop it automatically connects to VPN. Next test was to live stream TV channels via my cable provider (AT&T Uverse) from home, no problem. So once I was live streaming I put it on full screen and the picture/reception was great! When I am at home my cable provider reception tends to pixelate when on full screen. So I am so happy with your service and I am considering keeping it when I get back to Michigan from my Mexico vacation. Being able to watch movies, sports etc. full screen is a real plus for me. So I would highly recommend ExpressVPN. One happy customer for sure!
That's great! We're delighted the VPN works so well for you. Thanks for sharing :)
trimakasi expressVPN
And Des tap
Plese connect to the server VPN
nothing is happening….i have the vpn…i’m connected…but i can’t sign into any websites…..my laptop and my android
Hi Dionabelle. Sorry that you are having difficulty. Please contact our Support Team, and they will help you resolve the issue ASAP!
Nice express VNP
Nice
Nice
Good
How do I unsubscribe to VPN. I see that I'm paying just over £10 per month but have never used it. A year or so ago the Chief Engineer on the vessel I'm captain of suggested I get it but it didn't work in Greece however I've been paying for it ever since. How do I close the account?
Hi John, please contact our Support Team and they will help you.
I have been concerned about internet security and privacy for some time and had a free trial of NordVPN in the past but found it cumbersome while experiencing much slower upload/download speeds. My ExpressVPN experience, on both android phone and PC, has been the exact opposite with seamless connection through the app. My only disappointment is not realizing that I could have had a free month rather than signing on for one year prepaid at sign-up. Am still a 100% satisfied customer but figure it never hurts to ask if it's possible to have that free month added to the end of my current term? Thank you!
Hi i already connected this app but it doesn’t work anymore!
Sorry to hear that! Please contact our Support Team and they will help you get it sorted.
No comment
This has been the best VPN service. I do have it on my fire stick, phones , laptop, and will be getting the router. Great job love what your doing! Keep it up
Can Express VPN be downloaded to an ARRIS BGW210 wireless router? I would need help if so. Thanks
Exelente vicio
Just so much better! I was on strongvpn for 10+ years. Expressvpn was easier to install and more intuitive. It worked in minutes.
Hi
Good article. Just need to remember that if you don't get a https connection to the server that the VPN only protects your traffic as far as the VPN exit node. Last segment of transmission will be in the clear... VPN gives the best protection to the end-user at the point of access, not egress to the destination. Security issues will require that we all become more savvy on these issues...safe surfing!
Je suis très heureux d'accéder à ExprrssVPN.
What an excellent customer service you guys have! Keep it up and thank you so much,,,
Google... privacy.... lol.... Please make the browser extension for Firefox too. Thanks
Please add Firefox extension too!
Here it is: https://www.expressvpn.com/vpn-software/firefox-vpn
Hi there, is there a Safari extension as well? Thanks
Hi Trisha, currently we have extensions for Chrome, Firefox, and Edge, but not Safari.
So many of us use Safari...May we please have an extension, too?