Mozilla: Firefox 70 brings you these new security indicators

Firefox 70, due soon, kicks out the EV SSL indicator and adds a red strikethrough for all HTTP sites, Mozilla reveals.
Written by Liam Tung, Contributing Writer

Firefox 70 is introducing new padlock icon security and identity indicators in the browser that will give less visual prominence to Extended Validation (EV) SSL certificates and draw more attention to sites delivered via the insecure HTTP protocol. 

Mozilla and Google Chrome developers discussed removing EV SSL indicators in the address bar in August because the indicators don't convey anything about the security and authenticity of a site. 

Google removed the EV indicators in Chrome 77, released in September, and Mozilla will do the same in Firefox 70, out later this month. This version removes the traditional green padlock icon plus the site owner's name from the address bar. The padlock for EV sites will now be the same as any normal HTTPS site.

SEE: How to build a successful developer career (free PDF)

Mozilla is also ditching the green padlock for a gray padlock for HTTPS sites and will now use a red strike through the padlock for all HTTP and FTP connections.  

"The formerly green lock icon will now become gray, with the intention of de-emphasizing the default (secure) connection state and instead putting more emphasis on broken or insecure connections," explained Mozilla's Johan Hofmann

As with Chrome, the EV certificate information is still available but the user needs to click the padlock icon to reveal the "Site information" panel. 

Mozilla notes that the main downsides of showing EV indicators in the address bar is that users must notice the absence of the EV indicator on a malicious site.  

"This change will hide the indicator from the majority of our users while keeping it accessible for those who need to access it. It also avoids ambiguities that could previously arise when the entity name in the URL bar was cut off to make space for the URL," noted Hofmann.  

The crossed-out padlock icon is being introduced in response to the rising adoption of HTTPS. Currently about 80% of pages loaded in Firefox are over HTTPS. 

Additionally, Firefox will no longer have an 'information' icon to the left of the padlock. Its functionality has been moved to the padlock. 

SEE: Mozilla to Firefox users: Here's how we're protecting you from code injection attacks

Firefox 70 will also introduce a shield or 'protections' icon to indicate when the browser's new anti-tracking features are enabled, active or disabled. In Firefox 69, Mozilla enabled anti-tracking by default for all users

A gray shield indicates protections are enabled, purple indicates they are active, and a crossed-out shield indicates that the user has disabled protections for the site.    

Firefox 70 is scheduled for release on October 22. 


Mozilla is ditching the green padlock for a gray padlock for HTTPS sites and will now use a red strike through the padlock for all HTTP and FTP connections.   

Image: Mozilla

More on Mozilla and the Firefox browser

Editorial standards