For now, with the options, you can only request all website have DNSSEC or be warned if DNSSEC is failing, but you cannot be warned if a website, which used to have DNSSEC, have no more DNSSEC.
I propose to add a new option where you can define a list of websites which must have DNSSEC and block them if their DNSSEC status is failing or missing. This list may be a list of regexes (e.g. .+\.mycompany\.example). Also, when you click on the padlock on a DNSSEC website, there may be a button to enroll this website in this list.