Why we can’t have a block page for HTTPS
Based on the nature of HTTPS, it is technically it is not possible to inject a message into HTTPS, without triggering the client browser to state “untrustworthy site” For example, Chrome will show the following:
Do we have plans to for a block page for HTTPS ?
Not at the moment. We think a browser timeout message is better than an “untrustworthy site” message, which triggers fear in end users that they have been compromised.
When the solution was originally released to the general public an HTTPS block page was available. However, due to the trust relationship being broken, i.e., the certificate on the block page does not belong to the intended destination, browsers showed a certificate error. This caused alarm amongst customers and was removed.