Why the SSL Green Bar No Longer Exists
Major web browsers are always evolving, and with them SSL trust indicators. SSL trust indicators are symbols and markers that appear in your web browser to show that the website you’re visiting has an SSL certificate. (For those who aren’t in the know, SSL certificates encrypt communications between web browsers and websites. Learn more about SSLs and how they work here.)
The most ubiquitous of these SSL trust indicators is the padlock symbol. The padlock can be found in the address bar of your web browser, just before the URL. It doesn’t appear to be changing any time soon.
The SSL green bar of trust, however, is one SSL indicator that didn’t make the cut. It has disappeared, even though not everyone has realized it yet. Let’s dive into the loss of the green bar and what it means to you.
What was the green bar and where did it go?
The green address bar was an SSL indicator that appeared when a website had an Extended Validation (EV) SSL certificate installed. SSL certificates can be divided into various types, with validation level referring to the extent of background checks performed on the person or company that owns a website. EV is the highest validation level you can get, with Certificate Authorities checking that the company requesting the SSL is a registered, legitimate business.
The green bar was a way of displaying this information loud and proud. When you visited a website with an EV SSL, Chrome, Mozilla, Safari, and Firefox would turn the address bar green, and display the registered company name in the address bar before the website URL.
Safari was the first browser to stop with the green address bar, with Google and other major browsers following suit soon after. Although Google removed the green bar with the release of Chrome version 69 in September 2018, it continued to display company information in the address bar until the release of Chrome 77 one year later.
Google explained why this change was being made, stating that “the Chrome Security UX team has determined that the EV UI does not protect users as intended”. The team found that the display could sometimes hinder rather than help, while wider security research indicated that it did not protect against phishing attacks as much as they hoped it would.
Will the green bar ever come back?
Most likely not. As we just mentioned, Google and security experts found that there wasn’t much benefit to displaying company information in that manner, and sometimes it could even do more harm than good. Malicious websites could easily copy the look of a green bar, giving website visitors a false sense of security.
In the years since, major browsers have moved away from displaying trust markers almost entirely. Since it’s become expected for websites to have an SSL certificate rather than not have one, web browsers now instead alert users when a website doesn’t have an SSL.
However, communicating company information hasn’t disappeared entirely, you just have to do a bit more clicking to find it. Users merely have to click on the padlock symbol in the address bar to find out more information about who has registered the SSL and who owns the website.
People new to SSL may get a little confused, because when performing research on which SSL to get, it can appear that the SSL green bar still exists. A cursory Google search shows numerous websites advertising the merits of an EV SSL’s green address bar. This can be due to websites not updating their SSL details, as well as Google pulling information from old web pages.
In reality, displaying the green address bar alongside company information details was discontinued as an SSL trust marker in Fall 2019.
Although the green bar no longer exists, this isn’t a bad thing. We have simply evolved beyond its use. Web browsers tried it out for a while, and found that it wasn’t as effective as they would have hoped. Since the focus now is on HTTPS everywhere, it makes sense that the focus is on informing users when a site doesn’t have an SSL rather than when it does.
Even without the green bar, an EV SSL certificate is still the best option for large companies or organizations. The same information can still be found when the padlock symbol is clicked on, so website visitors and potential customers can be safe in the knowledge that it’s being run by a genuine company that has been checked and vetted.
If you’re in the market for an EV SSL, check out the range Namecheap has to offer.