Firefox to mark all HTTP sites as Not Secure
Firefox will soon mark any site that still uses HTTP and not HTTPS for the connection as not secure in the browser's address bar.
Latest Let's Encrypt statistics show that more than 78% of all page loads in Firefox use HTTPS, an increase of about 6% when compared to July 2018. That leaves less than 22% of all connections and these will be marked by Firefox as not secure once Firefox 70 launches in October 2019.
The push to making HTTPS the default on the web began in earnest when companies like Mozilla and especially Google started to campaign for the adoption.
Google started to display the not secure indicator in Chrome if a connection used HTTP in 2018, Mozilla Firefox users could flip some switches in the browser's configuration for the same effect in 2018.
These configuration flags are present in the stable version of Firefox, and Firefox users may change their states to get the not secure indicator right now in the stable version of the browser.
All that is required is to set security.insecure_connection_icon.enabled to True on about:config to show the not secure indicator in the Firefox address bar for normal and private browsing connections. If you just want to show it for private browsing connections, set security.insecure_connection_icon.pbmode.enabled to True instead.
Mozilla added not secure indicators to Firefox in 2016 if HTTP pages had login forms as this meant that sensitive information, e.g. a user's password, was transmitted in the clear.
Firefox 70 Stable will display any HTTP site connection as Not Secure by default. Firefox Nightly users, the browser is already at version 70 currently, see this already when they connect to sites that use HTTP for the connection.
Mozilla began work on the feature three years ago. Meta Bug 1310842 highlights the organization's intention to "show a negative indicator for HTTP and no indicator for HTTPS". Discussion is still ongoing at this point.
Firefox 70 will be released on October 23, 2019 to the release channel according to the schedule.
HTTPS adoption is still on the rise and will be in the coming years. Not secure indicators in browsers push it even more and while Firefox showing "not secure" label won't have such a major effect as Chrome's had and has due to its share of the market, it will contribute nevertheless.
Now You: what do you do when a site still uses HTTP?Advertisement