Mixed content blocking in Firefox
- Revision id: 104779
- Creator: Alexander Dmitriev
- Comment: the shield icon is more generic now, addition, Linux screenshots
- Reviewed: No
- Ready for localization: No
When you visit a webpage that contains insecure content, Firefox blocks that content and displays the sheild icon in the address bar. We'll explain what is mixed content, why Firefox blocks it and what options you have.
HTTP is a system for transmitting information from a web server to your browser. HTTP is not secure, so when you visit a page served over HTTP, your connection is open for eavesdropping and man-in-the-middle attacks. Most websites are served over HTTP because they don't involve passing sensitive information back and forth and do not need to be secured.
When you visit a page fully transmitted over HTTPS, like your bank, you'll see a green padlock icon in the address bar (see How do I tell if my connection to a website is secure? for details). This means that your connection is authenticated and encrypted, hence safeguarded from eavesdroppers and man-in-the-middle attacks.
However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't. For more information about mixed content (active and passive), see this blog post.
What options do I have?
Most websites will continue to work normally without any action on your part.
If you need to allow the mixed content to be loaded, displayed or executed, you can do that easily:
- Click the shield icon in the address bar and choose Disable Protection on This Page from the dropdown menu.Click the shield icon in the address bar, click and choose .
- The icon in the address bar will change to an orange warning triangle to remind you that insecure content is being displayed.
To revert the previous action (re-block mixed content), re-visit the page in a new tab.
When insecure content is being displayed, the shield icon has a red strike-through. To re-block mixed content, click the shield icon again, clickand choose .
The content will also be re-blocked automatically when you go to another website in the current tab and then go back or re-visit the website in a new tab.
The icon is a gray globe despite blocking enabled
Only the potentially harmful part of HTTP content is blocked so some websites may still have some HTTP content (such as images, video or audio). In that case, the connection between Firefox and the website is still partially encrypted and should not be considered safe against eavesdropping, hence the gray globe icon.
The icon is a gray triangle
Only the potentially harmful part of HTTP content is blocked so some websites may still have some HTTP content (such as images, video or audio). In that case, the connection between Firefox and the website is still partially encrypted and should not be considered safe against eavesdropping, hence the gray triangle icon.