Mozilla Firefox 60 and newer versions of the web browser support two new browser preferences that highlight HTTP websites as "not secure" in the browser's address bar.

HTTPS is pushed throughout the Web and many sites and services migrated to HTTPS already. Browser makers like Google or Mozilla prepare to mark HTTP sites and services as not secure which will give HTTPS adoption another push as sites may lose users if they are marked as not secure.

Google announced this week that it plans to mark all HTTP sites as not secure in Chrome 68. The browser is scheduled for release in mid-2018.

Firefox 60: new "not secure" indicator preferences

While it is not clear yet when Firefox will start to mark HTTP sites as not secure, we know now that Firefox 60 comes with two preferences that power the functionality.

Firefox displays a "not secure" flag in the browser's address when when the preferences are enabled similarly to how Google Chrome marks HTTP sites.

about:config

Here is how you configure these options right now (requires Firefox 60 or newer):

  1. Load about:config?=security.insecure_connection_text.en abled in the browser's address bar.
  2. Double-click the preference to enable it.
  3. Load about:config?=security.insecure_connection_text.pb mode.enabled in the browser's address bar.
  4. Double-click the preference to enable it.

security.insecure_connection_text.enabled

This preference adds the "not secure" flag to HTTP sites in regular browsing mode.

security.insecure_connection_text.pbmode.enabled

This preference adds the "not secure" flag to HTTP sites in private browsing mode.

Let's Encrypt Data

Let's Encrypt data, which uses Firefox Telemetry data to get a read on pageloads over HTTP and HTTPS, saw global HTTPS connections at about 70% yesterday and US traffic at 78.6% already.

Closing Words

HTTPS adoption will improve in 2018, and one reason for that is that browser makers will mark HTTP pages as "not secure". Webmasters who don't want their sites to show up as insecure need to migrate to HTTPS. Considering that it takes some preparation to do so, especially for sites with more than a few dozen pages, it seems like a very good idea to start the migration asap if it has not started already.