Firefox Prepares to Mark All HTTP Sites "Not Secure" After HTTPS Adoption Rises


Level 26
Content Creator
Feb 4, 2016
Windows 8.1
The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default.

For example, the current Firefox Nightly Edition (version 59) includes a secret configuration option that when activated will show a visible visual indicator that the current page is not secure. In its current form, this visual indicator is a red line striking through a classic lock that's normally used to signal the presence of encrypted HTTPS pages.

"HTTPS deployment is starting to get some momentum," said Mozilla software engineer Richard Barnes. "We should start preparing for a shift toward marking non-secure sites as insecure (as opposed to marking secure sites as secure)."

"As a first step, let's add a negative indicator for all non-secure sites, gated by a pref that's off by default," Barnes wrote in a feature request he made last year.