browser address bar.png




To me, a browser’s address bar is one of the most important areas of the browser. Because of an increasing number of phishing attacks, the browser developers are being forced to rethink the way URLs are displayed to users. In the last year or so, these companies, such as Google, Mozilla, Opera, and Microsoft, have all been pushing to figure out how they can ensure that common users, such as your parents, are able to know when the site they are visiting is truly secure.

I decided to fire up four popular browsers and snag some screenshots of how each of them present a site’s URL to you. In my tests I used pre-release versions of each browser because, for the most part, these heavily represent what we should see released over the coming months. Of course the appearance can always change before the final version makes it out-the-door, but this is a better representation of how each company is attacking the address bar appearance today… and not a year ago. This particularly applies to Opera who just revamped their address bar in their latest Beta release.

The browsers were all running with the default settings, and the versions that were used in the screenshots are as follows:

  • Google Chrome 9.0.587.0 Dev
  • Firefox 4.0 Beta 7
  • Opera 11.00.1094 Alpha
  • Internet Explorer 9.0.7930.16406 Beta

–Sites NOT Using SSL–

Let me jump right into it. Here’s what the address bar will normally look like when visiting a site using a non-SSL URL:

Viewing a Standard HTTP URL
http address bar.png

Here are a few things to point out:

  • Opera hides the query parameters (everything after the question mark) until you click into the address bar.
  • Chrome, Opera, and Internet Explorer all try to make sure that the top-level domain stands out from the rest of the URL by graying out the surrounding text. Of those three, Chrome is the only one that also makes sure the sub-domain stands out… it’s not totally necessary but something I do prefer.
  • Chrome doesn’t show the “HTTP” in the address bar like it does for HTTPS sites. Opera doesn’t show any protocol (HTTP or HTTPS) in the address bar.

–Sites Using SSL–

The two sets of screenshots below demonstrate how each of the browsers display the URL of a site using SSL to encrypt your browsing session, but there is a slight difference between each set. The first set demonstrates what it looks like when a website owner hasn’t been verified (often called extended validation), and the second set shows what it looks like when the website owner has been verified.

When the owner isn’t verified, the data transferred will still be encrypted, but the site owner hasn’t been verified. Here’s what it looks like in that scenario:

Viewing an HTTPS URL on a Page Without Extended Validation
https address bar.png

Here are a few things to point out:

  • Each of the browsers has its own way of letting users know they are visiting a secure site (normally represented by a lock icon), but most of them don’t make it very obvious when they haven’t undergone the extended validation.
  • Opera is the only one that doesn’t show the “HTTPS” as part of the URL, which I think is fine since their yellow “Secure” badge would kinda make that redundant.

Now here are what those same browsers look like when visiting a fully trusted site:

Viewing an HTTPS URL on a Page With Extended Validation
https verified address bar.png

Here are a few things to point out:

  • All of the browsers make great use of the color green so that users know the site they are viewing is completely trusted. Internet Explorer is the only one that colors the entire address bar though, which is something I really like.
  • Chrome, Firefox, and Opera are all pretty similar in that they place the green badge to the left of the URL.
  • Opera is the only one that doesn’t directly display the verified owner (in this case Mozilla Corporation), but you can always find it out by clicking the icon.

Conclusion

So who’s solution do I like the best? For the average user I really like how Opera handles everything. They make the domain stand out so that users can clearly see the site they are visiting, SSL status is clearly presented in all scenarios, and they hide the query parameters which most people probably don’t even understand why they are there in a first place. Query parameters are really no different than variables used by a programmer, and I believe that hiding them is the right thing to do. Plus you can get view them simply by clicking into the address bar, which is important for copying/pasting a URL and sending it to someone.

Mozilla has experimented with differing address bar appearances in the past, but have not really followed through with any of their ideas. Sure you can customize it with extensions, but I’d like to see some sort of changes out-of-the-box.

It will be interesting a year or two from now when we look back to see how the address bars have evolved even further. In particular, I’m curious as to whether other browsers will follow Opera’s lead and start hiding the query parameters.