Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Mixed content - https vs http

more options

In the browser Chrome, after going to a website starting with https://, it gave me the below message:

Mixed Content: The page at 'https://...' was loaded over HTTPS, but requested an insecure resource 'http://...'. This request has been blocked; the content must be served over HTTPS.

Which is good but in Firefox, it doesn't recognize this issue which should.

Can you please update Firefox browser to recognize the issue and give us a proper message like Chrome does?

In the browser Chrome, after going to a website starting with https://, it gave me the below message: Mixed Content: The page at 'https://...' was loaded over HTTPS, but requested an insecure resource 'http://...'. This request has been blocked; the content must be served over HTTPS. Which is good but in Firefox, it doesn't recognize this issue which should. Can you please update Firefox browser to recognize the issue and give us a proper message like Chrome does?

All Replies (4)

more options

hello arashqa, could you provide a sample of a site where this happens? in principle firefox does support mixed content blocking - however, by default it will only block "active" mixed content (that are scripts, stylesheets and other stuff that might get dangerous). another thing that might interfere is addons like adblock, noscript and others which are already blocking particular content that may cause the message... Mixed content blocking in Firefox https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

more options

It's a work site, basically the site was set up to use https:// and there were a few links which when I tried to click on them, they put http:// not https:// and that was causing problems in Chrome since Chrome expected the links having same protocol as the site but in Firefox it worked.

more options

Note that you can leave out the protocol and leave the two starting forward slashes to use the same protocol as was used to open the page.

  • //support.mozilla.org/en-US/questions/1033992
more options

I think all browsers allow you to leave a secure page for an insecure page (from HTTPS link to HTTP link) without a warning, otherwise you would go crazy using Google and other search engines that use HTTPS. There is an exception for when a form is being submitted from a secure page to an insecure page: then you definitely should get a warning that your submission isn't being encrypted.

What Firefox and other browsers now pay closer attention to is content pulled into the page, treating some as high risk (such as scripts) and some as low risk (such as JPEG images). You can adjust Firefox's settings to block this lower risk "display" content if you like. (It requires switching the security.mixed_content.block_display_content preference from false to true in the about:config preferences editor.)