i tried https everywhere and forcing with no script fruitlessly since firefox does not display a detailed message, here is a screen shot from chrome: http://image.bayimg.com/baadpaaee.jpg here the OFFICIAL answer from m$: "This message is telling you that there may be both secure and non-secure content on the page. Secure and non-secure content, or mixed content, means that a webpage is trying to display elements using BOTH secure (HTTPS/SSL) and non-secure (HTTP) web server connections. This OFTEN happens with online stores or financial sites that display IMAGES, banners, or scripts that are coming from a server that is not secured. The risk of displaying mixed content is that a non-secure webpage or script might be able to access information from the secure content." certain thumbnails of close friend notifications and app requests NULLIFY the encryption and firefox doesnt padlock unlike chrome so how to FILTER unencrypted info FROM the encrypted :) "An attacker can replace any unprotected, unsecure HTTP content on an otherwise secure, HTTPS page with a “poisoned” version. For example, when you visit https://www.youtube.com with different browsers and a man-in-the-middle attacker present, you’ll see different results. Most other browsers just show the unprotected content automatically, allowing a spoofing or information disclosure attack" this pees me out :D