Compare Revisions
Mixed content blocking in Firefox
Revision 133580:
Revision 133580 by underpass on
Revision 133634:
Revision 133634 by Chris_Ilias on
Keywords:
Search results summary:
Firefox automatically blocks insecure or mixed content from secure web pages. We'll explain what that means and what options you have.
Firefox automatically blocks insecure or mixed content from secure web pages. We'll explain what that means and what options you have.
Content:
{for not fx42}
{for not fx38}[[Template:update fx desktop]]{/for}
When you visit a webpage that is supposed to be fully secure but contains insecure content, Firefox blocks the insecure content and displays the shield icon in the address bar. We'll explain what is mixed content, why Firefox blocks it and what options you have.
;{for win,mac}[[Image:Insecure1 34 - Win]]{/for}{for linux}[[Image:Insecure1 39 - Lin en]]{/for}
[[Template:aboutmixedcontent]]
= What options do I have? =
'''Most websites will continue to work normally without any action on your part.'''
If you need to allow the mixed content to be loaded, displayed or executed, you can do that easily:
*Click the '''shield icon''' [[Image:Mixed Content Shield]] in the address bar, click {button Options} and choose {menu Disable protection for now}.
;{for win,mac}[[Image:Insecure2 34 - Win]]{/for}{for linux}[[Image:Insecure2 39 - Lin en]]{/for}
*The icon in the address bar will change to an orange warning triangle [[Image:Warning Identity Icon]] to remind you that insecure content is being displayed.
{for fx34}
When insecure content is being displayed, the shield icon has a red strike-through. To re-block mixed content, click the shield icon again, click {button Options} and choose {menu Enable protection}.
;{for win,mac}[[Image:Insecure3 34 - Win]]{/for}{for linux}[[Image:Insecure3 39 - Lin en]]{/for}
The content will also be re-blocked automatically when you go to another website in the current tab and then go back or re-visit the website in a new tab.
= The icon is a gray triangle =
;{for win,mac}[[Image:Mixed passive content]]{/for}{for linux}[[Image:Mixed passive content fx39 Linux en]]{/for}
Only the potentially harmful part of HTTP content is blocked so some websites may still have some HTTP content (such as images, video or audio). In that case, the connection between Firefox and the website is still partially encrypted and should not be considered safe against eavesdropping, hence the [[How do I tell if my connection to a website is secure?#w_gray-warning-triangle|gray triangle icon]].
{/for}
{/for}
{for fx42}
Firefox protects you from attacks by blocking potentially harmful, insecure content on web pages that are supposed to be secure. Keep reading to learn more about mixed content and how to tell when Firefox has blocked it.
[[Template:aboutmixedcontent]]
=How can I tell if a page has mixed content?=
Look for an icon in your address bar to determine if the page has mixed content.
;[[Image:mixed content icon url 42]]
==No mixed content: secure==
*[[Image:green lock 42]]: You’ll see a green lock when you are on a fully secure page.
{for not fx50}
==Mixed content is blocked: secure==
*[[Image:blocked secure 42]]: You'll see a green lock with a grey warning triangle when Firefox has blocked any insecure elements on the page. This means that the page is now secure. Click on the icon to expand the [[Control Center - manage site privacy and security controls|Control Center]] and see more security details about that page.
{/for}
==Mixed content is not blocked: not secure ==
*[[Image:unblocked mixed content 42]]: If you see a lock with a red line over it, Firefox is not blocking insecure elements, and that page is open to eavesdropping and attacks where your personal data from the site could be stolen. Unless you’ve unblocked mixed content using the instructions in the next section, you shouldn’t see this icon.
*[[Image: orange triangle grey lock 42]]: A grey lock with an orange triangle indicates that Firefox is not blocking insecure passive content. Attackers may be able to manipulate parts of the page, for example, by displaying misleading or inappropriate content, but they shouldn’t be able to steal your personal data from the site.
=Unblock mixed content=
Unblocking insecure elements is not recommended, but can be done if necessary:
#Click the lock icon in the address bar.
#Click the arrow on the Control Center:
#;[[Image:unblock mixed content 42]]
#Click {button Disable protection for now}.
#;[[Image:disable protection 42]]
To enable protection, follow the preceding steps and click {button Enable protection}.
{warning}'''Warning:''' Unblocking mixed content can leave you vulnerable to attacks.{/warning}
{/for}
{note}'''Developers:''' If your website is generating security errors because of insecure content, see this MDN article on [https://developer.mozilla.org/docs/Security/MixedContent/How_to_fix_website_with_mixed_content how to fix a website with mixed content].{/note}
Firefox protects you from attacks by blocking potentially harmful, insecure content on web pages that are supposed to be secure. Keep reading to learn more about mixed content and how to tell when Firefox has blocked it.
[[Template:aboutmixedcontent]]
=How can I tell if a page has mixed content?=
Look for an icon in your address bar to determine if the page has mixed content.
;[[Image:mixed content icon url 42]]
==No mixed content: secure==
*[[Image:green lock 42]]: You’ll see a green lock when you are on a fully secure page.
{for not fx50}
==Mixed content is blocked: secure==
*[[Image:blocked secure 42]]: You'll see a green lock with a grey warning triangle when Firefox has blocked any insecure elements on the page. This means that the page is now secure. Click on the icon to expand the [[Control Center - manage site privacy and security controls|Control Center]] and see more security details about that page.
{/for}
==Mixed content is not blocked: not secure ==
*[[Image:unblocked mixed content 42]]: If you see a lock with a red line over it, Firefox is not blocking insecure elements, and that page is open to eavesdropping and attacks where your personal data from the site could be stolen. Unless you’ve unblocked mixed content using the instructions in the next section, you shouldn’t see this icon.
*[[Image: orange triangle grey lock 42]]: A grey lock with an orange triangle indicates that Firefox is not blocking insecure passive content. Attackers may be able to manipulate parts of the page, for example, by displaying misleading or inappropriate content, but they shouldn’t be able to steal your personal data from the site.
=Unblock mixed content=
Unblocking insecure elements is not recommended, but can be done if necessary:
#Click the lock icon in the address bar.
#Click the arrow on the Control Center:
#;[[Image:unblock mixed content 42]]
#Click {button Disable protection for now}.
#;[[Image:disable protection 42]]
To enable protection, follow the preceding steps and click {button Enable protection}.
{warning}'''Warning:''' Unblocking mixed content can leave you vulnerable to attacks.{/warning}
{note}'''Developers:''' If your website is generating security errors because of insecure content, see this MDN article on [https://developer.mozilla.org/docs/Security/MixedContent/How_to_fix_website_with_mixed_content how to fix a website with mixed content].{/note}