User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0 Build ID: 20171115095126 Steps to reproduce: Go to https://bugzilla.mozilla.org/enter_bug.cgi#h=bugForm%7CFirefox Go to http://forums.mozillazine.org/viewtopic.php?f=38&t=3035593 Actual results: URL Bar shows https://bugzilla.mozilla.org/enter_bug.cgi#h=bugForm%7CFirefox with pretty green lock :^) URL Bar shows forums.mozillazine.org/viewtopic.php?f=38&t=3035593 with grey (i) which the user has to click on to be notified of the security exposure. :-( Expected results: The config option browser.urlbar.trimURLs hides the http:// protocol identifier and the closing / of URLs that do not include a path. However in 2017 HTTP URLs are deprecated because of the security exposure, the cost of supporting HTTPS is now low, and therefore every site should be using HTTPS. I feel there should be a config option to trim the https:// protocol identifier from the URLbar field and put up a big red warning X on sites that still think it is 1992. Perhaps browser.urlbar.httpsgoodhttpbad. HTTPS should be treated as the normal condition and HTTP as the exception.

Doesn't need to be a hidden bug.