An update to site-identity in desktop Firefox
23 April, 2012 § 61 Comments
Starting with yesterday’s Nightly build of Firefox, we have introduced a change to how we display site-identity in the address bar. These changes are intended to increase the security of our users as well as reduce some visual weight.
Since the dawn of time, we have included the site favicon in the address bar as part of the site-identity block. While the favicon can represent a piece of a site’s identity, there are some sites that set their favicon to a padlock. This behavior can trick users in to thinking that a site is using a secure connection when on an unsecured connection. Starting with yesterdays’s Nightly, we will no longer include the favicon in the address bar.
Websites that use SSL certificates with Extended Validation will now have a green padlock next to the certificate owner’s organization name.
Websites that use SSL certificates without Extended Validation will now have a grey padlock. The effective hostname will no longer appear next to the padlock. This information is redundant with our darkening of the effective hostname in the website address.
Websites that do not use SSL certificates or have mixed-content will fallback to a globe icon.
These changes are planned to reach our Release channel in mid-July.