Firefox to mark all HTTP pages as not secure

Following in Chrome’s footsteps, Mozilla has decided to mark all HTTP pages as not secure. The changes will go live in October this year when Firefox version 70 is released.

This cybersecurity measure will be implemented with the intent to encourage webmasters to upgrade to HTTPS, lest they risk scaring their visitors away. When the changes go live, the URL bar will show a warning to all of the users attempting to visit such websites.

Google has taken the same direction with Chrome and the changes have been in effect since version 68 released last year.

Until now, Firefox has only been showing the “not secure” warnings on pages that incorporated any form of login fields or forms. Now, things seem to be getting much stricter.

To make this decision, Mozilla relied on statistics suggesting that 80% of today’s webpages are served through HTTPS. Due to this, the company’s point of view is that HTTPS websites no longer need to be rewarded with a positive indicator and that HTTP websites should be punished with a negative one instead.

In concrete terms, the new warnings will be displayed in the left part of the URL bar that traditionally displays security and privacy information.

If you’re surprised about such arguably extreme decisions on Mozilla’s part, bear in mind that the company has been working on this since December 2017. That’s the point where additional flags were first added to the about:config section. For those who’d like a sneak peek into these changes before they go live, feel free to tweak away.