Firefox 3: Expand the Site Identification button on HTTPS pages

Yet another way to insure you're always aware of encrypted HTTPS web pages

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

Disclosure.

See full bio

Michael Horowitz

June 27, 2008 8:54 p.m. PT

2 min read

My last two postings were about making secure HTTPS web pages more obvious in Firefox 3 by adding back the colored address bar from version 2. There is yet another visual trick available with Firefox 3 that also makes secure web pages harder to miss.

As noted earlier, the new site identification button, which used to be merely a favorite icon, now turns blue on most HTTPS pages and turns dark green (see below) on those that offer extended proof of their identity (such as jr.com and paypal.com).

Firefox 3: site identification button with extended validation

The dark green site id button includes the strongly verified website name and is thus much wider and more obvious. In contrast, the blue site id button show below is easily missed.

Firefox 3: normal blue site id button

With a little configuring, we can get the blue site id button to also include the website name. While, domain names displayed in blue are not as well verified, the point is to get the extra visual clue that the page is encrypted.

This comes from a comment to this article by Johnathan Nightingale, who works on security at Mozilla.

"I would recommend that color blind users (or others, for that matter) also consider changing the browser.identity.ssl_domain_display pref in about:config. Changing this from 0 to 1 causes the verified domain to be displayed in the button for basic-identification sites."

To do this, first enter "about:config" in the address bar (without the quotes), then click on the all-too cutesy "I'll be careful I promise" button.

Next, in the Filter box, type "browser.id". That should leave your browser looking like the below:

Double click on browser.identity.ssl_domain_display and change the default of zero to 1.

Click OK and you're done. There is no need to restart Firefox, you'll see the new expanded blue site id button the next time you view an HTTPS page. I verified this in Windows XP, 2000, Vista and Ubuntu Linux 8.04. It should work in Macs too.

After

Before

Combining Tips

Finally, if you read my earlier postings about restoring color (either yellow or green) to the address bar for encrypted HTTPS pages, then the end result is shown below.

Windows Vista

Ubuntu 8.04

There is no missing the fact that this page is encrypted.

See a summary of all my Defensive Computing postings.