How to restore the green lock icon in Firefox's address bar
Mozilla's Firefox web browser used to display a green padlock icon in the browser's address bar when secure sites were opened in the browser. Additionally, the browser would display extended information for sites with EV (Extended Validation) certificates.
Mozilla launched a change recently in Firefox that changed the green padlock icon to a gray icon and removed the EV certificate information from the browser's address bar entirely.
The organization revealed plans in August 2019 to change the information that Firefox displays in the address bar in regards to sites using HTTPS and implemented the change in Firefox 70.0 released recently.
Firefox users who open a secure site in the browser see a gray padlock icon in the address bar in Firefox 70 and newer versions of the browser. Sites with EV certificates are not highlighted in any way anymore as well.
The main idea behind the changes -- Mozilla is not the only browser developer that made it -- is that the majority of Internet sites are using HTTPS on today's Internet and that the number will increase even more in the coming years. HTTPS is the new default and the reasoning is that sites that don't support it should be highlighted instead of sites that support it.
One of the issues with the approach is that generations of Internet users have been trained to look for these locks in the address bar to verify that the connection is secure. While that is still possible as the gray padlock icon indicates a secure connection, some may prefer to get the green icon restored instead as it provides a better visual indicator.
Making Firefox`s padlock icon green again
Firefox comes with built-in configuration options to restore the green padlock icon. Here is what you need to do:
- Load about:config in the Firefox address bar.
- Confirm that you will be careful if a warning screen is displayed.
- Use the search at the top to find security.secure_connection_icon_color_gray.
- Toggle the preference so that its value is FALSE.
The change is applied immediately, a browser restart is not required. You should notice that all sites that use secure connections are displayed with a green padlock icon again in the Firefox address bar. To restore the gray icon, set the value of the preference to TRUE instead.
Restoring Extended Validation Certificate information in Firefox
Firefox users may enable the display of EV certificate information in Firefox's address bar as well; this is also done using the method described above:
- Visit the about:config page again.
- Search for security.identityblock.show_extended_validation this time.
- Set the preference to TRUE to enable the display of extended validation information in the browser's address bar.
The change is applied immediately. If you don't see it right away try to refresh the site in question. You may set the value of the preference to FALSE to restore the default.
Display not secure for sites that don't use HTTPS
Firefox displays a crossed-out padlock icon in the address bar by default when a site that does not use HTTPS (or uses it incorrectly) is visited. You may add the "not secure" text to the address bar to further highlight the status of the connection.
- Visit about:config in the Firefox address bar.
- Search for security.insecure_connection_text.enabled.
- Set the value of the preference to TRUE to enable "not secure" or FALSE to disable it.
- Bonus: If you want to apply the change to private browsing connections as well, search for security.insecure_connection_text.pbmode.enabled and set the value accordingly.
Now You: do you check the status of the connection in your browser of choice? (via Ask VG)
the EV pref(security.identityblock.show_extended_validation) is gone in latest firefox. Please help
Opened this bug on Mozilla. I don’t know who is the Mozilla genius who came up with the idea but it show that they need to get more air and talk to more seniors.
https://bugzilla.mozilla.org/show_bug.cgi?id=1594469
Thanks
Nice tips, Martin. I missed the green padlock :)
Dumb decisions like this makes me glad I switch to Pale Moon long ago.
userchrome mods still work — e.g.
/*
* Change identity box colour for HTTPS connections
* e.g. #FFFF00 (yellow), #FFFFA8 (pale yellow), #BCFCBC (pale green), #FF6347 (tomato red),
* #FF6666 (red), #D9D9D9 (light grey), #33CCFF (light blue), #E46C0A (orange), #E5E3DE (themed)
*/
#identity-box {
background-color: #FFFFA8 !important;
color: black !important;
}
#identity-box.verifiedDomain {
background-color: #BCFCBC !important;
color: black !important;
}
#identity-box.weakCipher {
background-color: #E46C0A !important;
color: black !important;
}
#identity-box.verifiedIdentity {
background-color: #33CCFF !important;
color: white !important;
}
#identity-box.mixedDisplayContent {
background-color: #FF6347 !important;
color: black !important;
}
#identity-box.mixedDisplayContentLoadedActiveBlocked {
background-color: #FFFF00 !important;
color: black !important;
}
#identity-box.mixedActiveBlocked {
background-color: #FFFF00 !important;
color: black !important;
}
#identity-box.mixedActiveContent {
background-color: #E46C0A !important;
color: black !important;
}
#identity-box.insecureLoginForms {
background-color: #FF6666 !important;
color: black !important;
}
Nice. Personally I don’t use the identity box (totally hidden) and for the color eye-catch I change the urlbar’s background color.
Be noted that for Extended Validation to be checked two conditions are required:
1) security.OCSP.enabled MUST BE 1=enabled (default) OR 2=enabled for EV (Extended Validation) certificates only
2) security.identityblock.show_extended_validation MUST BE true (false on FF70)
from there on I include in mu userChrome.css :
/* start */
#urlbar {position: relative; z-index: 1;}
#identity-box:after {
content: ”; position: absolute; height: 100%; width: 100%; top: 0; left: 0;
pointer-events: none; z-index: -1; background: linear-gradient(#DDDDFF,#EEEEFF,#DDDDFF); opacity: 1;
}
#urlbar[pageproxystate=’valid’] #identity-box.verifiedDomain:after{background:#FFFFA0;}
#urlbar[pageproxystate=’valid’] #identity-box.verifiedIdentity:after{background: linear-gradient(#3399FF, 1px, #FFFFA0, 25px, #3399FF);}
/* end */
My default urlbar background color : linear-gradient(#DDDDFF,#EEEEFF,#DDDDFF)
My urlbar background color for https : #FFFFA0
My urlbar background color for https with EV (if applicable) : linear-gradient(#3399FF, 1px, #FFFFA0, 25px, #3399FF)
// If EV not applicable urlbar background color considers verifiedDomain (#FFFFA0)
That catches the eye, immediately. No need for lock icon.
Thanks so much!
Nice one Martin, Really nice loving this.
I still do not understand why they changed the more obvious for this Les informative way?
When 96% is using HTTPS sites than maybe I could understand it, but now!
Nice one Martin, Really nice loving this.
I still do not understand why they changed the more obvious for this Les informative way?
When 96% is using HTTPS sites than maybe I could understand it, but now!
Personally, I like the green color which gives you piece of mind while browsing.
Chrome and Firefox goals; dumb everything down, remove important choices, utilize Dark Patterns to confuse users, enhance data collection aspects and heard users into profitable data collection outcomes. DoH is a scam. The lock will be deprecated in time.
Around the mid aughts browsers competed on features and performance. If this is the state of browsers today imagine what it will be like a few years from now.
I think I’m going to cry.
Mozilla finally fucked me, hard completely and without warning.
I got the latest version update and after the install it gave me THAT prompt. The new profile one.
I hesitated for a minute reading and trying to understand what it means. It doesn’t warn you that you should back up and it says it’s for data protection so ultimately I clicked the new profile button.
The last 5 years of my history browsing vanished in that instant with no possibility of recovery!
I used firefox as my main browser since the netscape days, and I know all the shit they made till this day. But today was my final straw. You can’t just do this to people, you can’t just decide to erase their entire history just because you feel like it. Oh and the fun part? if you want to save your profile there isn’t that option in the prompt it’s just quit and the browser doesn’t.
Say what you will about any of the other browsers out there but none of them ever pulled some evil shit like this.
I’m doing my best not to cry but I think I’ll breakdown later today. Today I raged uninstalled the piece of crap that firefox turned into and I will never look back.
Let it fucking RIP, it deserves it!
@Some Guy,
For me Firefox died in 2011 when they released Firefox 4.0 with its ugly, bloated UI that was limited in terms of customization and simply wanted to copy Chrome’s tabs on top layout. People had to install add-ons like Classic Theme Restorer in order to get get back their old more customizable UI.
And since then the only thing Mozilla ever did was keep dumbing down Firefox until in 2017 they released Quantum and Firefox finally became like Chrome’s deformed and crippled twin.
Now Firefox has absolutely nothing going for itself and the only thing Mozilla keeps doing is changing the colors of the logo and icon every year with a more idiotic one each time until it makes you want to puke when you look at it. The other thing they keep doing is adding some questionable privacy features and keep bragging about them.
Firefox is now coming to an end – slowly dying because of its creators’ severe ineptness and incompetence until it finally dies, gets abandoned and the company shuts down or switches to developing some cloud service crap.
I’ve tried Firefox recently, but the browser is so slow, even with tracking turned off, it still loads websites a lot slower compared to Blink-based browsers. And I’m not talking about how Firefox’ market share is so low that web developers simply can’t be bothered to write a few lines of code to support it properly, but the fact that the browser itself, it’s rendering engine or whatever is just garbage. Even if Firefox had 90% market share on every platfrom, Blink browsers would still load a lot better and faster than it.
And that part where Chrome and other Blink-based browsers are memory hogs while Firefox isn’t is completely opposite from my experience. It’s actually Firefox that uses more memory and Blink browsers using less. I’ve tried this with Opera, Chrome, Brave, in comparison Firefox and Waterfox are a joke that’s not even funny.
Is it also possible that it saved your old profile to a folder on your Desktop, same as it does when you do a Refresh?
Nope, nothing on my desktop. Thanks for the help though.
Some Guy,
Why dont u use the free backup program for Firefox called mozbackup than this will never happen?
For the same reason people don’t store their personal journals in stranger’s homes.
I know that I should have had saved backups, that is on me.
But wiping almost a decade worth of browsing and tabs on whim without any kind of notice is on them and really what the issue is.
I shouldn’t have to save every 5 minutes out of fear that a company decides to wipe me out with an update.
And doing so is just using terrorism in promoting your sync or cloud services and pressuring me to use a service I don’t want to use or need to…
Yeah, firefox since version 70 to present become a chrome-alike, bad features, more privacy & security features and really disappointed, depressed, imprisoned for former http sites visitor, and reluctant.
Why, should mozilla stop removing/changing features like http flagged as ‘not secure’ & green padlock reverted to darkish gray padlock on https.
I made same mistake by updating Firefox 70 to 71. Lost Old profile. Using Windows restore point I was able to restore old profile wita Old version
Try starting Firefox with the -p parameter to see if the old profile is still there.
Oh and thank you for the help, please excuse my poor manners but my head is just gone right now :|
I f you could please provide a link to a tutorial or how may I go about it I would be most grateful :)
I’m still in shock… But on the other hand Falkon browser is great! :D
So these modifications should be made only on 70 browser, not before?
Yes David, Mozilla made the switch in Firefox 70.
Ok, thank you.
â€Do you check the status of the connection in your browser of choice?â€
Very often but not every time. For example his site uses TLS 1.2, certificate authority is GlobalSign. Useful tips, but more work for me. I had to check each browsers configs.
If you are really paranoid, you may want to read through each site’s source code to look for “nasty stuff”.
Correction: This site.
An ad for a spamming service on Nirsoft? Not nice. :-(
Browser vendors creating unnecessary user anxiety through dumbing down the interface. Bad form. Disappointing.
The claim that nirsoft[.]net is not secure is remarkable. Also, HTTPS does not make a Web site more secure (just look at the number of phishing sites using HTTPS) and even traffic over HTTP may be encrypted.
@TellTheTruth
Try taking out the S from the end of HTTPS for the nirsoft website URL
You’re confusing security and safety.
@TellTheTruth:
OK, here’s the truth, then — HTTPS does make interactions with a web site more secure. This is simply objective fact. It increases security by both encrypting the datastream and by offering something more than nothing in terms of validating the site you’re on is the site that you think you’re on.
HTTPS does not eliminate all vulnerabilities. Nothing can. But to imply that because a security mechanism isn’t perfect means there’s no point to using it is simply illogical.
“removed the EV certificate information from the browser entirely.”
The EV certificate information is shown in the address bar control center.
Right, I meant to say browser’s address bar. Changed it, thanks!
Thank you so much for this Martin.
As someone working in digital marketing, I never understood why Google first (and rest that followed) removed the green lock. Who did it harm?
Especially EV Certificate lock – which gives the user an instant understanding of who he/she is dealing with and from where.
It’s nonintrusive.
HTTPS is the norm so the idea is to identify what is not. And EV certificates are snake oil so this is another step to demote them.
Actual security is more important than old bad habits and mis/disinformation.
Great tip Martin, works also with themes.
Hi Martin,
Thank you for sharing this little trick. It has certainly been helpful the last several years, but now we’ve hit version 100 of Firefox and this option is no longer available to us. Do we have to throw in the towel now, or is there another way to available to us to get our favorite little green padlock icon back?
Thanks so much,
perknh