How safe is a website with some passive insecure content?
On some websites I visit the icon in the address bar is a grey padlock with an orange warning triangle. These same websites show up as unsecured in Chrome and Edge as well. Although I've been assured by the site owner(s), in this case Tracfone, that any information I enter is safe, I kinda need some reassurances that it is indeed before I enter CC financial information.
I've read the section about mixed passive content but remain unclear.
Additional System Details
- Shockwave Flash 31.0 r0
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Let's assume the best case scenario, that the insecure content consists of images served by the site itself on HTTP instead of HTTPS. Why are they doing that?!
To confirm what it actually is, you can try this:
Open Firefox's Web Console in the lower part of the tab using either:
- "3-bar" menu button > Web Developer > Web Console
- (menu bar) Tools > Web Developer > Web Console
- (Windows) Ctrl+Shift+k
In the search box that has "Filter output" as its placeholder, type mixed and then reload the page in the upper part of the tab. Firefox should identify the mixed content and you can evaluate whether it is from a trusted site or is something that doesn't belong in the page.
If it's from the site and they were just a bit sloppy (!!), it's unlikely they will try to steal any information about your session with their own site. If it's from a different or unrelated site, that would be suspicious. I think it's preferable not to have any mixed content for important accounts.