I am seeing a grey caution symbol in my browser next to the https in the address. It happens mostly on FB and only started a few days ago.
I read about the yellow caution sign on a non-encrypted site--but not a grey one on a supposedly secure site. It says that parts of the page are unencrypted (like images). Is this something that I should be concerned about? My main concern is because this just happened a few days ago and I have never seen it before.
All Replies (13)
Hello,
Is it the Grey shield icon as described in this SUMO article, "Mixed content blocking in Firefox", that you are seeing on the Facebook page?
Or is it the Grey padlock icon as described in this SUMO article, "How do I tell if my connection to a website is secure?"
Both of these have different implications and knowing the icon you are seeing will be helpful in suggesting the next course of action.
Thank you
There are two kinds of mixed content.
- Active content like scripts and content loaded in (i)frames
- Passive content like images and media files
Firefox blocks active mixed content by default (security.mixed_content.block_active_content = true) and shows a blocked content shield on the location bar, but allows passive display content (security.mixed_content.block_display_content = false) and shows a warning exclamation icon on the location bar.
Thank you for your responses. gnittala, the symbol is a triangle with an exclamation mark inside of it. It looks like the orange one pictured on this page--but it is grey. And it comes up right next to the "https" which is very strange. https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure
This means that there is mixed content on that web page, possibly an image coming via an insecure http link.
You can open the Web Console (Firefox/Tools > Web Developer; Ctrl+Shift+K) and check the net log (this requires reloading the page via F5).
Mixed content shows as a line with red text.
Thanks again. I looked and was able to see red text in the web console that indicates mixed content--but I still am not sure how to fix it and if I should be concerned. It is now happening on numerous "secure" sites where I did not see it before. Is this something I should be concerned about?
I have been reading links on this site and I have found how to unblock mixed content--but not how to BLOCK mixed content. The site claims that Mozilla blocks this mixed content and that there is a shield icon in the address bar--something that I have never seen. Any suggestions to block that content would be great. Thank you!
You can't fix this yourself because the server sends this content.
You can either accept this mixed insecure content or set the security.mixed_content.block_display_content pref to true to block mixed display content as well (mixed active content is blocked by default).
- security.mixed_content.block_active_content = true
- security.mixed_content.block_display_content = false
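As an added illustration of the two content categories and the two preferences discussed above (not part of the original thread and not Firefox's own code), this Python script scans the static HTML of an https page for http:// subresources and reports which would be blocked under the given settings. The names `scan` and `MixedContentScanner` and the sample page are assumptions; it only sees tags with a `src` attribute, not resources loaded later by scripts or CSS.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Categories as described in the thread: scripts and (i)frames are active,
# images and media files are passive (display) content.
KIND = {"script": "active", "iframe": "active", "frame": "active",
        "img": "passive", "audio": "passive", "video": "passive", "source": "passive"}


class MixedContentScanner(HTMLParser):
    """Collect http:// subresources referenced by a page served over https://."""

    def __init__(self, page_url, block_active=True, block_display=False):
        super().__init__()
        self.page_url = page_url
        # Mirrors security.mixed_content.block_active_content / block_display_content
        self.block = {"active": block_active, "passive": block_display}
        self.findings = []  # (kind, tag, absolute_url, "blocked" | "loaded")

    def handle_starttag(self, tag, attrs):
        kind, src = KIND.get(tag), dict(attrs).get("src")
        if not kind or not src:
            return
        url = urljoin(self.page_url, src.strip())  # resolves relative and //host URLs
        if urlsplit(url).scheme == "http":
            verdict = "blocked" if self.block[kind] else "loaded"
            self.findings.append((kind, tag, url, verdict))


def scan(html, page_url, **prefs):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on an https page
    scanner = MixedContentScanner(page_url, **prefs)
    scanner.feed(html)
    return scanner.findings


# Constructed sample page, not taken from any real site.
SAMPLE = """
<img src="http://cdn.example.test/photo.jpg">
<img src="/static/logo.png">
<script src="http://ads.example.test/track.js"></script>
<script src="//cdn.example.test/app.js"></script>
<iframe src="https://widgets.example.test/like"></iframe>
"""

if __name__ == "__main__":
    for pref in (False, True):  # Firefox default, then block_display_content = true
        for row in scan(SAMPLE, "https://www.example.test/", block_display=pref):
            print(f"block_display_content={pref}:", *row)
```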
Thank you again for a reply. I guess the last question is if it is safe to use these sites? And why this message has only begun popping up?
Also--how do I find the "security.mixed_content.block_display_content pref"?
Which mixed content with a red line do you see?
As cor-el pointed out, you can check the site Opening about:config to open the configuration page. Once you open this configuration page, you can search for these preferences
- security.mixed_content.block_active_content
- security.mixed_content.block_display_content
by using the search field.
If you are unable to view the preferences, then you can right click your mouse on the page and select to create a New -> String key. Once you create the key, you can provide the preferences as you require
- security.mixed_content.block_active_content = true
- security.mixed_content.block_display_content = true
By setting security.mixed_content.block_display_content to true, you are blocking any display content (like images) from being displayed in the browser.
If you are noticing this recently, then the website you are visiting might have made changes recently. Request you to follow the steps that cor-el provided and check the Net logs on the developer console.
Hope that helps.
Thank you so much for all your help! I very much appreciate it!
I think everyone agrees that mixed active content (like scripts) poses a security hazard. There is less agreement about display content like images, and also the practical issue that some sites have a lot of mixed content. By default, Firefox blocks active and allows display. You could experiment and see whether blocking both causes problems. I haven't tried it myself.
Yes, me too!