Force Secure Connections
The 'Force Secure Connections' feature allows a user to specify that all future connections to a particular website are made with a secure HTTPS connection. You also have the option to enforce HTTPS connectivity with any sub-domains.
When you visit a site using a HTTPS connection, Comodo Dragon will display a padlock icon on the right hand side of the address bar:
By default, the padlock is gray, meaning secure connections are not yet enforced. No additional actions will be performed if the page is loaded again.
Click the padlock icon to enforce secure connections:
- The padlock will turn green, meaning secure connections are enforced for this session and all future visits
- All information exchanged between you and this website will be encrypted using the strongest available algorithms
- Check 'Force HTTPS on all sub-domains' if you want secure connections throughout the domain
- Click 'Done' (or click outside the message box) to confirm you want secure connections enforced
- If you wish to disable forced secure connections, click 'Don't force HTTPS'
This feature is particularly useful for websites that do not, by default, use secure connections on their login pages. For example, the Linkedin home page does not ordinarily have HTTPS connections on its log-in page. Note the address is plain HTTP instead of HTTPS - the 'S' stands for secure:
Although your credentials may indeed be sent over a secure connection once you click the 'Log in' button, the absence of a certificate on this page means you cannot verify the authenticity of the website.
With a HTTPS connection, you can click the lock on the left of the address bar to view the website's SSL certificate. Apart from encrypting your information, the certificate also contains critical website identity information which allows you to verify that you are connected to the genuine Linkedin website.
To force secure connections on the Linkedin log-in page:
- You first have to physically change www.linkedin.com to https://www.linkedin.com
- Do this by placing your mouse cursor in the Dragon address bar and typing 'https://' before www.linkedin.com so the full URL says https://www.linkedin.com
- Press enter. The page will re-load with a secure connection and thus make available the 'Force Secure Connections' padlock on the right:
- Click the padlock to enforce secure connections. All future visits to the Linkedin log-in page will be automatically conducted over a secure, encrypted connection: