Firefox logo

In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a "secure context").

"Effective immediately, all new features that are web-exposed are to be restricted to secure contexts," said Anne van Kesteren, a Mozilla engineer and author of several open web standards.

This means that if Firefox will add support for a new standard/feature starting tomorrow, if that standard/feature carries out communications between the browser and an external server, those communications must be carried out via HTTPS or the standard/feature will not work in Firefox.

The decision does not affect already existing standards/features, but Mozilla hopes all Firefox features "will be considered on a case-by-case basis," and will slowly move to secure contexts (HTTPS) exclusively in the future.

Mozilla continues its push for HTTPS

The move comes after a continuous push from browser makers to force website owners and developers to adopt HTTPS as a default state for the Web.

Mozilla has been tremendously helpful in this manner via the Let's Encrypt project, which it supported since the beginning.

Almost 65% of web pages loaded by Firefox in November used HTTPS, compared to 45% at the end of 2016, according to Let's Encrypt numbers.

Google never announced a formal rule that all new standards/features must work via HTTPS, but its engineers have always implemented recent features to work in secure contexts only [source].

New developer tools coming to Firefox

In addition to enforcing an HTTPS-only rule for new standards/features, Mozilla understands it must change the mind and working habits of day-to-day web developers.

As such, Mozilla also plans to add developer tools to future Firefox releases to enable testing without an HTTPS server. This will help developers deploy HTTPS-friendly sites and apps even for older features (WebVR, Payment Request API, etc.) that have not been implemented in a strict HTTPS-only manner in Firefox.