In case you don't want to wait for your favorite sites to start deploying strict-transport-security, here's a way for you to enable it yourself. I whipped up a quick add-on proof of concept that lets you add and remove HSTS data.
There are two ways to manage HSTS data for sites using this add-on:
- Navigate to an HTTPS page, open the page info dialog, and tick the "Always access content from this site securely" box
- Choose the "Manage Strict-Transport-Security..." item from the Tools menu, and enter the host names for your favorite sites there.
Let me know what you think!
UPDATE: Instead of maintaining the add-on in parallel with Force-TLS, I've decided to adapt Force-TLS to use the HSTS bits built into Firefox 4 and show you the same UI. Instead of the STS-UI add-on, try installing Force-TLS!