In recent months, Mozilla developers were actively improving and modifying the user interface associated with security and privacy in the Firefox browser. The screenshot shows the changes that have affected output of notifications in the browser address bar.
The first change, which draws attention, is bringing the same general appearance of icons for sites protected by DV certificate and the EV certificate. Historically, in Mozilla Firefox padlock icon for sites protected by DV-certificate was somewhat different in their color theme from the same icons for sites with EV-certificates, which raised many questions from poorly informed user. In the updated version, all inconsistencies were eliminated - icons of locks have become the same.
Changes also affected the sites where the mixed content is loaded. As seen from the screenshot, notice of it have been revised and become more understandable.
Thanks to the new design improvements, users now are able to determine whether to trust the site or avoid it.
Google Chrome also was actively improving. Browser developers are planning to notify their users when the page of the site is insecure (http). Going forward, Google Chrome will mark all unencrypted sites padlock icon with a red cross in the address bar. For this purpose, Google Chrome will mark all padlock icons of unencrypted sites with a red cross in the address bar.
Google makes it clear that the web moves to the full transition to https. Many large companies and organizations supported the initiative, named «Encrypt All The Things», the essence of which boils down to the abandonment of traditional, less secure HTTP protocol and transition to HTTPS.
Google announced plan for a full transition to HTTPS back in 2014. At that time one of the Chrome Security Team members suggested to mark all HTTP-sites as "unsafe".
This change will bring more attention to sites that could be potentially unsafe.
It is currently remains unclear whether marking all HTTP-pages will be implemented by default in Google Chrome. However, now you can test it by typing in the browser "chrome: // flags" and selecting «mark non-secure origins as non-secure».
