Change effective on 07 October 2013
Heroku now uses Extended Validation SSL Certificates for most of our Heroku-owned applications. This allows you to tell at a glance if a URL belongs to Heroku itself, or whether it is some customer’s app running on the Heroku platform. This only applies to browser-facing apps (dashboard, www) not API-like things (api.heroku.com, Heroku Postgres backend services).
For more information, see EV SSL Certificates and Heroku-owned Applications in the Dev Center.