Firefox 91 gets HTTPS default in private mode, enhanced cookie clearing and Windows SSO

Mozilla released Firefox 91 on Tuesday, with a pair of new privacy features and one offering increased Windows integration.

When users use a private window in Firefox, the connection to the requested domain will now default to HTTPS even if a user manually enters the HTTP protocol. An HTTPS-first request will also be made if a user clicks on an HTTP link.

The browser maker warned that HTTPS by default only allows to the page itself, and not necessarily all images, CSS, or JavaScript files loaded by the page.

"However, loading a page over HTTPS will, in the majority of cases, also cause those in-page components to load over HTTPS," Mozilla said.

"We expect that HTTPS by Default will expand beyond Private Windows in the coming months."

In November with Firefox 83, Mozilla enabled users to switch on HTTPS-Only mode, which has the same functionality as HTTPS by default.

The second privacy feature is dubbed enhanced cookie clearing. When a user asks Firefox to delete cookie data from a site, not only will Firefox remove cookies from that site, it will blast away any tracking cookies placed on the site as well.

The functionality is built on total cookie protection that appeared in Firefox in February, and separates cookies on a per website basis -- meaning supercookies such as those placed by Facebook were restricted to one container.

"When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website's 'cookie jar'. This Enhanced Cookie Clearing makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around," Mozilla explained.

"Before Enhanced Cookie Clearing, Firefox cleared data only for the domain that was specified by the user. That meant that if you were to clear storage for comfypants.com, Firefox deleted the storage of comfypants.com and left the storage of any sites embedded on it (facebook.com) behind. Keeping the embedded storage of facebook.com meant that it could identify and track you again the next time you visited comfypants.com."

Now when users head to settings to manage cookie data, users will see a listing of jars rather than domains. Users can also right-click on "Forget About This Site" in the history menu to remove cookies and cache related to the site, as well remove from the browser history and delete any data Firefox has stored about the site, such as permissions.

In order to use enhanced cookie clearing, users needs to have strict tracking protection enabled.

Firefox 91 also arrived with single sign-on integration with Windows for Microsoft, work, and school accounts. This feature can be enabled from the privacy and security section of Firefox settings.

The browser also gained support for Scots locale in its latest release.

Related Coverage

• Firefox 88 clamps down on window.name abuses by trackers
• Chinese cyberspies targeted Tibetans with a malicious Firefox add-on
• Firefox 85 removes Flash and adds protection against supercookies
• How to remove the new "Other Bookmarks" button from Firefox
• Firefox to block Backspace key from working as "Back" button