How does content that isn't secure affect my safety?

Note: This applies to the latest Firefox Release version which can be downloaded from mozilla.org/.

When you see the shield icon in the address bar, it means that Firefox has blocked content that is insecure on the page you're visiting. We'll explain what that means and what options you have.


What is mixed content?

When you visit a page served over HTTP, your connection is open for eavesdropping and man-in-the-middle attacks. Most websites are served over HTTP because they don't involve passing sensitive information back and forth and do not need to be secured. When you visit a page fully served over HTTPS (gray padlock or green padlock in the address bar), like your bank, your connection is authenticated and encrypted and hence safeguarded from eavesdroppers and man-in-the-middle attacks.

However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't.


The Mixed Content Blocker blocks potentially harmful HTTP content on HTTPS pages.

Note: For more information about Mixed Content (active and passive), see this blog post.

What are the risks?

An attacker can replace the HTTP content on the page you're visiting so that they can steal your credentials, take over your account, acquire sensitive data about you, or attempt to install malware on your computer.

What options do I have?

Most websites will continue to work normally without any action on your part.

If you need to allow the mixed content to be displayed, you can do that easily:

  • Click the shield icon in the address bar and choose Disable Protection on This Page from the dropdown menu.
  • Click the shield icon in the address bar, click Options and choose Disable protection for now.
    • The icon in the address bar will change to an orange warning triangle to remind you that insecure content is being displayed.

To revert the previous action (re-block mixed content), re-visit the page in a new tab.

When insecure content is being displayed, the shield icon has a red strike-through. To re-block mixed content, click the shield icon again, click Options and choose Enable protection.


The icon is a gray globe despite blocking enabled

Only the potentially harmful part of HTTP content is blocked, so some websites may still have some HTTP content (such as images). In that case, the connection between Firefox and the website is still only partially encrypted and should not be considered safe against eavesdropping, hence the gray globe icon.

The icon is a gray triangle


Only the potentially harmful part of HTTP content is blocked, so some websites may still have some HTTP content (such as images). In that case, the connection between Firefox and the website is still only partially encrypted and should not be considered safe against eavesdropping, hence the gray triangle icon.
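
For site owners who want to find this content before visitors see a warning, here is an added example (not part of the original article and not Firefox code) that lists the HTTP subresources on an HTTPS page and labels each as active or passive. The tag-to-category mapping is an assumed simplification (the article itself names only images as content left unblocked), and the sample page and its hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed simplification of the active/passive split (tag -> URL attribute).
ACTIVE = {"script": "src", "iframe": "src", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src"}

# Constructed sample, assumed to be served from https://bank.example/login
SAMPLE = """
<link rel="canonical" href="http://bank.example/login">
<script src="http://cdn.example/app.js"></script>
<script src="/js/local.js"></script>
<img src="http://img.example/logo.png">
<img src="//img.example/banner.png">
<iframe src="http://ads.example/frame.html"></iframe>
<a href="http://other.example/">link</a>
"""

class MixedContentAuditor(HTMLParser):
    """Collect HTTP subresources referenced by a page served over HTTPS."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (category, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rels = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" in rels:
            category, ref = "active", attrs.get("href")  # CSS can restyle the page
        elif tag in ACTIVE:
            category, ref = "active", attrs.get(ACTIVE[tag])
        elif tag in PASSIVE:
            category, ref = "passive", attrs.get(PASSIVE[tag])
        else:
            return  # <a href>, rel=canonical etc. load no subresource
        # Resolve relative and protocol-relative URLs against the page URL.
        url = urljoin(self.page_url, (ref or "").strip())
        if ref and urlparse(url).scheme == "http":
            self.findings.append((category, tag, url))

def audit(page_url, html):
    """Return mixed-content findings; [] if the page itself is not HTTPS."""
    auditor = MixedContentAuditor(page_url)
    if urlparse(page_url).scheme == "https":
        auditor.feed(html)
        auditor.close()
    return auditor.findings
```

Calling audit("https://bank.example/login", SAMPLE) reports the HTTP script and iframe as active and the HTTP logo image as passive; the protocol-relative image and the relative script inherit HTTPS from the page and are not reported.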



These fine people helped write this article: Hello71, Verdi, scoobidiver, Swarnava, tanvi, davidbruant, upwinxp.