neverssl.com works fine for me, only a small warning in the place where the padlock usually is, that no-one checks anyway.
replyThe browser would be very unhappy with an <input type="password"/> on a non-TLS site (localhost excepted). HSTS would trigger the "massive" warning and refuse to load the site, however.
It's more pronounced on desktop
replyAh yes I think the HSTS issue is what I was thinking of
Yes, they do.
replyYeah just ignore the big "not secure" warning in the URL bar
replyI just checked it. You mean the very small open padlock icon? The era of browsers warning loudly about HTTP was a decade ago, it got reversed due to pushback.
replyWell I checked both Chrome and Firefox on mobile and my desktop and they were all much more obvious than just an "open padlock". They both said "Not Secure" and in Firefox it was bright red text. Also in incognito mode Chrome refused to even open the site without a full screen warning. They all make it super clear non-HTTPS sites are not secure so I'm not really sure what your point is?
reply