How to make Firefox use HTTPS by default but not block plain HTTP traffic if there is no other choice?

Question

Is there a way to get Firefox to automatically visit the HTTPS site instead of the HTTP site, whenever possible? For instance, if I type web.archive.org into the address bar, with no search history, I would prefer that Firefox take me to https://web.archive.org instead of http://web.archive.org. Currently, Firefox takes me to the HTTP site.

Apparently, starting in Firefox 91, Firefox will automatically opt into the HTTPS site whenever possible while in Private Browsing mode. I'd like to enable this same functionality all the time, even when not in Private Browsing mode. Is there a way to do that?

I do not want HTTPS-only mode. If the website does not support HTTPS, I want Firefox to still load the HTTP site, rather than blocking the connection. In other words, I want "HTTPS if possible" rather than "HTTPS or nothing". Firefox supports HTTPS-only mode in its preferences, but that's not what I am looking for. I found How can I get Firefox to prefer HTTPS over HTTP?, which superficially sounds like the same question, but all the answers suggest HTTPS-only mode, which is not what I'm looking for, and it is quite old, whereas I am asking about a fully updated modern Firefox browser. Is it possible to achieve what I want?

Answer 1

That's already how Firefox's "HTTPS-Only Mode" works. If the website does not support HTTPS, you get a full-page alert, in which you click the button and the site proceeds to load over HTTP. Firefox remembers the opt-out for the rest of the session, approximately.

For frequently visited websites that don't support HTTPS (like web.archive.org half the time), you can permanently opt out of the HTTPS upgrade individually per domain:

Answer 2

I found this thread on reddit where a user suggests to fully disable HTTPS-Only mode in firefox settings; then go in about:config, search for 'dom.security.https_first' and set it true.

I just tried this solution on firefox 115.8.0esr by testing http.badssl.com. It seems to work the way intended by the question.

Differently from HTTPS-Only, https_first doesn't block nor warn about the lack of https. It simply tries first to use https protocol, whenever provided, otherwise it falls back to http. This behavior should be already enabled by default for private browsing (in this case the option is dom.security.https_first_pbm).