随着我们每天浏览互联网时不断面临的安全威胁,尽可能多地锁定东西是值得的。考虑到这一点,如何在可能的情况下强制googlechrome使用HTTPS?今天的超级用户问答文章讨论了一些帮助有安全意识的读者获得HTTPS满意度的解决方案。
今天的问答环节是由SuperUser提供的,SuperUser是Stack Exchange的一个分支,是一个由社区驱动的问答网站分组。
超级用户读者kiewic想知道如何强制Google Chrome尽可能使用HTTPS而不是HTTP:
Many websites offer both versi*** (HTTPS and HTTP) like https://stackoverflow.com and http://stackoverflow.com for instance.
Is there any way to force Google Chrome to always try for HTTPS first before HTTP when typing something like stackoverflow.com in the address bar?
如果可能的话,你怎么强迫googlechrome总是使用HTTPS而不是HTTP呢?
超级用户贡献者paradroid和Omar为我们提供了答案。首先,paradroid:
You could try the HTTPS Everywhere extension for Google Chrome. (Note From the Editor: We recommend HTTPS Everywhere if you want to be sure HTTPS is enabled everywhere it’s available. This extension is less necessary than it was a few years ago, however, as more and more sites have enabled HTTPS by default.)
接下来是奥马尔的回答:
Force HTTPS in Google Chrome
Google is one of the more aggressive companies pushing to make this happen. Here are several ways you can force HTTPS in Chrome to ensure your browsing is as safe as possible.
Start Google Chrome with HTTPS
Enable Google Chrome support by typing chrome://net-internals/ into your address bar, then select HSTS from the drop-down menu. HSTS is HTTPS Strict Transport Security, a way for websites to elect to always use HTTPS. Using this setting, you can now force HTTPS for any domain you want and even “pin” the domain so that only a more trusted subset of CAs are permitted to identify that domain. The downside is that if you force a domain that does not have SSL at all, you will not be able to access the website.
HTTP Strict Transport Security (The Chromium Projects) (Note From the Editor: You can no longer change this option yourself in Chrome. Website owners can still enable HSTS for their websites.)
Force HTTPS with the KB SSL Enforcer Extension
This extension will force HTTPS in Google Chrome for websites that support it. Keep in mind that It is not completely secure against the infamous Firesheep, but it does minimize the risk greatly. Due to Google Chrome’s limitati***, the KB SSL Enforcer extension redirects the page while it is loading. You will see a quick flicker of the unencrypted page, but it redirects you as fast as possible.
KB SSL Enforcer Extension Homepage
Use HTTP Extension to Force HTTPS in Google Chrome
The Use HTTP extension will force defined sites to use HTTPS instead of HTTP. It comes preloaded with two defined sites: Facebook and Twitter. Like the previous extension, the initial request is sent to websites not using HTTPS.
Use HTTPS Extension Homepage (Note From the Editor: This extension is no longer available.)
有什么要补充的解释吗?在评论中发出声音。想从其他精通技术的Stack Exchange用户那里了解更多答案吗?在这里查看完整的讨论主题。
...坦的问题。全世界的互联网用户都应该意识到安全工具是如何被滥用的。这些工具可能会损害隐私,并收集有关您访问的网站和在线发送的消息的数据。 ...
... 你可以看到为什么谷歌热衷于强迫尽可能多的网站使用这个安全措施。它对搜索引擎有利,对用户有利。加密使互联网更加安全。 ...
... 大多数描述如何安装SSL证书的指南都会告诉您必须有一个专用的IP。这意味着购买更昂贵的专用托管计划。 ...
...访问的人会认为你更值得信任。现在,大多数用户都知道如何检查安全连接,因此安装SSL证书表明您认真对待他们的隐私。 ...
...把HTTPS作为默认选项而不是例外了。也就是说,至少根据谷歌的说法,它正在改变Chrome处理安全网页和非安全网页的方式。也是时候了。 ...
...您看到“connectionisnotprivate”消息时它意味着什么,以及如何修复它。我们将在这里重点介绍Chrome,但修复也适用于其他浏览器。 ...
Chrome86是谷歌的又一个可靠升级。除了通常的秘密改进之外,googlechrome86还可以帮助您快速更改易受攻击的密码,并保护您免受网站在后台浪费CPU资源(和电池电量)的影响。 谷歌于2020年10月6日发布了Chrome86。Chrome会自动安装更...
...是为了立法者的眼睛,而不是公众的眼睛。 dns over https将如何工作? 抛开康卡斯特奇怪的反对意见不谈,让我们看看DNS over HTTPS将如何实际工作。当DoH支持在Chrome中上线时,Chrome将仅在系统当前DNS服务器支持的情况下使用HTTPS上...