The Web migrates from using HTTP predominantly to HTTPS. More than 66% of all Firefox page loads are now secured by HTTPS, an increase of 20% when compared to the January figure of this year.

HTTPS encrypts the connection to protect it against tampering or spying. The rise of Lets Encrypt, a service that offers certificates for free, and the push to HTTPS by Google Search, and companies that create browsers, surely played a role in the big year over year increase.

Most web browsers will mark non-HTTPS websites as insecure beginning in 2018. Plans are underway already; Google Chrome for instance marks HTTP sites with password or credit card fields as insecure already, and Mozilla announced plans to deprecate non-secure HTTP in Firefox, and highlights HTTP pages with password fields as insure as well.

Mozilla added a configuration switch to Firefox 59 -- currently available on the Nightly channel -- that marks any HTTP site as insecure in the web browser.

Firefox displays a lock symbol that is crossed out on non secure sites. A click on the icon displays the "connection is not secure" notification that current versions of Firefox display already.

The switch makes the fact that the site's connection is not secure more visible in the browser. It is only a matter of time until this is implemented directly so that users won't have to flip the switch anymore to make the change.

You can make the change right now in Firefox 59 in the following way:

1. Load about:config?filter=security.insecure_connection_i con.enabled in the browser's address bar.
2. Double-click on the preference.

A value of true enables the insecure connection icon in the browser's address bar, a value of false returns to the default state.

Firefox users who only want the indicator in private browsing mode can do that as well:

1. Load about:config?filter=security.insecure_connection_i con.pbmode.enabled in the address bar.
2. Double-click on the value.

A value of true shows the new icon, a value of false does not.

Closing Words

It is only a matter of time before browsers like Chrome or Firefox will mark any HTTP site as insecure in the browser. Websites that still use HTTP at that time will likely see a drop in visits because of that.