How to restore the green lock icon in Firefox's address bar - gHacks Tech News

ADVERTISEMENT

How to restore the green lock icon in Firefox's address bar

Mozilla's Firefox web browser used to display a green padlock icon in the browser's address bar when secure sites were opened in the browser. Additionally, the browser would display extended information for sites with EV (Extended Validation) certificates.

Mozilla launched a change recently in Firefox that changed the green padlock icon to a gray icon and removed the EV certificate information from the browser's address bar entirely.

The organization revealed plans in August 2019 to change the information that Firefox displays in the address bar in regards to sites using HTTPS and implemented the change in Firefox 70.0 released recently.

Firefox users who open a secure site in the browser see a gray padlock icon in the address bar in Firefox 70 and newer versions of the browser. Sites with EV certificates are not highlighted in any way anymore as well.

firefox green gray icon

The main idea behind the changes -- Mozilla is not the only browser developer that made it -- is that the majority of Internet sites are using HTTPS on today's Internet and that the number will increase even more in the coming years. HTTPS is the new default and the reasoning is that sites that don't support it should be highlighted instead of sites that support it.

One of the issues with the approach is that generations of Internet users have been trained to look for these locks in the address bar to verify that the connection is secure. While that is still possible as the gray padlock icon indicates a secure connection, some may prefer to get the green icon restored instead as it provides a better visual indicator.

Making Firefox`s padlock icon green again

firefox green padlock

Firefox comes with built-in configuration options to restore the green padlock icon. Here is what you need to do:

  1. Load about:config in the Firefox address bar.
  2. Confirm that you will be careful if a warning screen is displayed.
  3. Use the search at the top to find security.secure_connection_icon_color_gray.
  4. Toggle the preference so that its value is FALSE.

The change is applied immediately, a browser restart is not required. You should notice that all sites that use secure connections are displayed with a green padlock icon again in the Firefox address bar. To restore the gray icon, set the value of the preference to TRUE instead.

Restoring Extended Validation Certificate information in Firefox

ev certificate firefox show

Firefox users may enable the display of EV certificate information in Firefox's address bar as well; this is also done using the method described above:

  1. Visit the about:config page again.
  2. Search for security.identityblock.show_extended_validation this time.
  3. Set the preference to TRUE to enable the display of extended validation information in the browser's address bar.

The change is applied immediately. If you don't see it right away try to refresh the site in question. You may set the value of the preference to FALSE to restore the default.

Display not secure for sites that don't use HTTPS

firefox not secure

Firefox displays a crossed-out padlock icon in the address bar by default when a site that does not use HTTPS (or uses it incorrectly) is visited. You may add the "not secure" text to the address bar to further highlight the status of the connection.

  1. Visit about:config in the Firefox address bar.
  2. Search for security.insecure_connection_text.enabled.
  3. Set the value of the preference to TRUE to enable "not secure" or FALSE to disable it.
  4. Bonus: If you want to apply the change to private browsing connections as well, search for security.insecure_connection_text.pbmode.enabled and set the value accordingly.

Now You: do you check the status of the connection in your browser of choice? (via Ask VG)

Summary
How to restore the green lock icon in Firefox's address bar
Article Name
How to restore the green lock icon in Firefox's address bar
Description
Find out how to restore the green padlock icon and Extended Validation certificate information in the Firefox address bar.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. happysurf said on October 28, 2019 at 8:44 am
    Reply

    Great tip Martin, works also with themes.

  2. Alfred said on October 28, 2019 at 9:08 am
    Reply

    Thank you so much for this Martin.

    As someone working in digital marketing, I never understood why Google first (and rest that followed) removed the green lock. Who did it harm?

    Especially EV Certificate lock – which gives the user an instant understanding of who he/she is dealing with and from where.

    It’s nonintrusive.

    1. anon said on October 28, 2019 at 5:53 pm
      Reply

      HTTPS is the norm so the idea is to identify what is not. And EV certificates are snake oil so this is another step to demote them.

      Actual security is more important than old bad habits and mis/disinformation.

  3. Mozinet said on October 28, 2019 at 9:38 am
    Reply

    “removed the EV certificate information from the browser entirely.”

    The EV certificate information is shown in the address bar control center.

    1. Martin Brinkmann said on October 28, 2019 at 1:03 pm
      Reply

      Right, I meant to say browser’s address bar. Changed it, thanks!

  4. TellTheTruth said on October 28, 2019 at 11:30 am
    Reply

    The claim that nirsoft[.]net is not secure is remarkable. Also, HTTPS does not make a Web site more secure (just look at the number of phishing sites using HTTPS) and even traffic over HTTP may be encrypted.

    1. John Fenderson said on October 28, 2019 at 3:49 pm
      Reply

      @TellTheTruth:

      OK, here’s the truth, then — HTTPS does make interactions with a web site more secure. This is simply objective fact. It increases security by both encrypting the datastream and by offering something more than nothing in terms of validating the site you’re on is the site that you think you’re on.

      HTTPS does not eliminate all vulnerabilities. Nothing can. But to imply that because a security mechanism isn’t perfect means there’s no point to using it is simply illogical.

    2. anon said on October 28, 2019 at 6:33 pm
      Reply

      You’re confusing security and safety.

    3. Gareth said on October 28, 2019 at 6:51 pm
      Reply

      @TellTheTruth

      Try taking out the S from the end of HTTPS for the nirsoft website URL

  5. pd said on October 28, 2019 at 12:10 pm
    Reply

    Browser vendors creating unnecessary user anxiety through dumbing down the interface. Bad form. Disappointing.

  6. Yan said on October 28, 2019 at 1:18 pm
    Reply

    An ad for a spamming service on Nirsoft? Not nice. :-(

  7. Anonymous said on October 28, 2019 at 1:28 pm
    Reply

    ”Do you check the status of the connection in your browser of choice?”

    Very often but not every time. For example his site uses TLS 1.2, certificate authority is GlobalSign. Useful tips, but more work for me. I had to check each browsers configs.

    1. Anonymous said on October 28, 2019 at 2:25 pm
      Reply

      Correction: This site.

    2. pHROZEN gHOST said on October 28, 2019 at 5:45 pm
      Reply

      If you are really paranoid, you may want to read through each site’s source code to look for “nasty stuff”.

  8. David said on October 28, 2019 at 2:23 pm
    Reply

    So these modifications should be made only on 70 browser, not before?

    1. Martin Brinkmann said on October 28, 2019 at 2:56 pm
      Reply

      Yes David, Mozilla made the switch in Firefox 70.

      1. David said on October 28, 2019 at 4:30 pm
        Reply

        Ok, thank you.

  9. Some Guy said on October 28, 2019 at 2:32 pm
    Reply

    I think I’m going to cry.

    Mozilla finally fucked me, hard completely and without warning.

    I got the latest version update and after the install it gave me THAT prompt. The new profile one.
    I hesitated for a minute reading and trying to understand what it means. It doesn’t warn you that you should back up and it says it’s for data protection so ultimately I clicked the new profile button.

    The last 5 years of my history browsing vanished in that instant with no possibility of recovery!

    I used firefox as my main browser since the netscape days, and I know all the shit they made till this day. But today was my final straw. You can’t just do this to people, you can’t just decide to erase their entire history just because you feel like it. Oh and the fun part? if you want to save your profile there isn’t that option in the prompt it’s just quit and the browser doesn’t.

    Say what you will about any of the other browsers out there but none of them ever pulled some evil shit like this.

    I’m doing my best not to cry but I think I’ll breakdown later today. Today I raged uninstalled the piece of crap that firefox turned into and I will never look back.

    Let it fucking RIP, it deserves it!

    1. Martin Brinkmann said on October 28, 2019 at 2:55 pm
      Reply

      Try starting Firefox with the -p parameter to see if the old profile is still there.

      1. Some Guy said on October 28, 2019 at 3:15 pm
        Reply

        I f you could please provide a link to a tutorial or how may I go about it I would be most grateful :)

        I’m still in shock… But on the other hand Falkon browser is great! :D

      2. Some Guy said on October 28, 2019 at 3:18 pm
        Reply

        Oh and thank you for the help, please excuse my poor manners but my head is just gone right now :|

    2. ShintoPlasm said on October 28, 2019 at 3:17 pm
      Reply

      Is it also possible that it saved your old profile to a folder on your Desktop, same as it does when you do a Refresh?

      1. Some Guy said on October 28, 2019 at 3:20 pm
        Reply

        Nope, nothing on my desktop. Thanks for the help though.

      2. Paul(us) said on October 28, 2019 at 4:27 pm
        Reply

        Some Guy,
        Why dont u use the free backup program for Firefox called mozbackup than this will never happen?

      3. lm said on October 28, 2019 at 5:35 pm
        Reply

        I made same mistake by updating Firefox 70 to 71. Lost Old profile. Using Windows restore point I was able to restore old profile wita Old version

      4. Some Guy said on October 28, 2019 at 5:51 pm
        Reply

        For the same reason people don’t store their personal journals in stranger’s homes.

        I know that I should have had saved backups, that is on me.

        But wiping almost a decade worth of browsing and tabs on whim without any kind of notice is on them and really what the issue is.

        I shouldn’t have to save every 5 minutes out of fear that a company decides to wipe me out with an update.
        And doing so is just using terrorism in promoting your sync or cloud services and pressuring me to use a service I don’t want to use or need to…

    3. Dumbledalf said on October 28, 2019 at 5:16 pm
      Reply

      @Some Guy,

      For me Firefox died in 2011 when they released Firefox 4.0 with its ugly, bloated UI that was limited in terms of customization and simply wanted to copy Chrome’s tabs on top layout. People had to install add-ons like Classic Theme Restorer in order to get get back their old more customizable UI.

      And since then the only thing Mozilla ever did was keep dumbing down Firefox until in 2017 they released Quantum and Firefox finally became like Chrome’s deformed and crippled twin.

      Now Firefox has absolutely nothing going for itself and the only thing Mozilla keeps doing is changing the colors of the logo and icon every year with a more idiotic one each time until it makes you want to puke when you look at it. The other thing they keep doing is adding some questionable privacy features and keep bragging about them.

      Firefox is now coming to an end – slowly dying because of its creators’ severe ineptness and incompetence until it finally dies, gets abandoned and the company shuts down or switches to developing some cloud service crap.

      I’ve tried Firefox recently, but the browser is so slow, even with tracking turned off, it still loads websites a lot slower compared to Blink-based browsers. And I’m not talking about how Firefox’ market share is so low that web developers simply can’t be bothered to write a few lines of code to support it properly, but the fact that the browser itself, it’s rendering engine or whatever is just garbage. Even if Firefox had 90% market share on every platfrom, Blink browsers would still load a lot better and faster than it.

      And that part where Chrome and other Blink-based browsers are memory hogs while Firefox isn’t is completely opposite from my experience. It’s actually Firefox that uses more memory and Blink browsers using less. I’ve tried this with Opera, Chrome, Brave, in comparison Firefox and Waterfox are a joke that’s not even funny.

  10. Dilly Dilly said on October 28, 2019 at 3:28 pm
    Reply

    Chrome and Firefox goals; dumb everything down, remove important choices, utilize Dark Patterns to confuse users, enhance data collection aspects and heard users into profitable data collection outcomes. DoH is a scam. The lock will be deprecated in time.

    Around the mid aughts browsers competed on features and performance. If this is the state of browsers today imagine what it will be like a few years from now.

  11. qainsights said on October 28, 2019 at 3:45 pm
    Reply

    Personally, I like the green color which gives you piece of mind while browsing.

  12. Paul(us) said on October 28, 2019 at 4:29 pm
    Reply

    Nice one Martin, Really nice loving this.
    I still do not understand why they changed the more obvious for this Les informative way?
    When 96% is using HTTPS sites than maybe I could understand it, but now!

  13. Paulus said on October 28, 2019 at 4:30 pm
    Reply

    Nice one Martin, Really nice loving this.
    I still do not understand why they changed the more obvious for this Les informative way?
    When 96% is using HTTPS sites than maybe I could understand it, but now!

  14. Matt said on October 28, 2019 at 6:11 pm
    Reply

    Thanks so much!

  15. Anonymous said on October 28, 2019 at 6:33 pm
    Reply

    userchrome mods still work — e.g.

    /*
    * Change identity box colour for HTTPS connections
    * e.g. #FFFF00 (yellow), #FFFFA8 (pale yellow), #BCFCBC (pale green), #FF6347 (tomato red),
    * #FF6666 (red), #D9D9D9 (light grey), #33CCFF (light blue), #E46C0A (orange), #E5E3DE (themed)
    */
    #identity-box {
    background-color: #FFFFA8 !important;
    color: black !important;
    }

    #identity-box.verifiedDomain {
    background-color: #BCFCBC !important;
    color: black !important;
    }

    #identity-box.weakCipher {
    background-color: #E46C0A !important;
    color: black !important;
    }

    #identity-box.verifiedIdentity {
    background-color: #33CCFF !important;
    color: white !important;
    }

    #identity-box.mixedDisplayContent {
    background-color: #FF6347 !important;
    color: black !important;
    }

    #identity-box.mixedDisplayContentLoadedActiveBlocked {
    background-color: #FFFF00 !important;
    color: black !important;
    }

    #identity-box.mixedActiveBlocked {
    background-color: #FFFF00 !important;
    color: black !important;
    }

    #identity-box.mixedActiveContent {
    background-color: #E46C0A !important;
    color: black !important;
    }

    #identity-box.insecureLoginForms {
    background-color: #FF6666 !important;
    color: black !important;
    }

    1. Tom Hawack said on October 29, 2019 at 4:10 pm
      Reply

      Nice. Personally I don’t use the identity box (totally hidden) and for the color eye-catch I change the urlbar’s background color.

      Be noted that for Extended Validation to be checked two conditions are required:
      1) security.OCSP.enabled MUST BE 1=enabled (default) OR 2=enabled for EV (Extended Validation) certificates only
      2) security.identityblock.show_extended_validation MUST BE true (false on FF70)

      from there on I include in mu userChrome.css :

      /* start */
      #urlbar {position: relative; z-index: 1;}
      #identity-box:after {
      content: ”; position: absolute; height: 100%; width: 100%; top: 0; left: 0;
      pointer-events: none; z-index: -1; background: linear-gradient(#DDDDFF,#EEEEFF,#DDDDFF); opacity: 1;
      }
      #urlbar[pageproxystate=’valid’] #identity-box.verifiedDomain:after{background:#FFFFA0;}
      #urlbar[pageproxystate=’valid’] #identity-box.verifiedIdentity:after{background: linear-gradient(#3399FF, 1px, #FFFFA0, 25px, #3399FF);}
      /* end */

      My default urlbar background color : linear-gradient(#DDDDFF,#EEEEFF,#DDDDFF)
      My urlbar background color for https : #FFFFA0
      My urlbar background color for https with EV (if applicable) : linear-gradient(#3399FF, 1px, #FFFFA0, 25px, #3399FF)
      // If EV not applicable urlbar background color considers verifiedDomain (#FFFFA0)

      That catches the eye, immediately. No need for lock icon.

  16. Ron said on October 28, 2019 at 10:11 pm
    Reply

    Dumb decisions like this makes me glad I switch to Pale Moon long ago.

  17. Ray said on October 29, 2019 at 7:30 pm
    Reply

    Nice tips, Martin. I missed the green padlock :)

  18. Anonymous said on November 4, 2019 at 3:48 pm
    Reply

    Thanks

  19. Theo Chino said on November 6, 2019 at 5:30 pm
    Reply

    Opened this bug on Mozilla. I don’t know who is the Mozilla genius who came up with the idea but it show that they need to get more air and talk to more seniors.

    https://bugzilla.mozilla.org/show_bug.cgi?id=1594469

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.