Compare Revisions

Firefox automatically blocks insecure or mixed content from secure web pages. We'll explain what that means and what options you have.

Firefox protects you from attacks by blocking potentially harmful, insecure content on web pages that are supposed to be secure. Keep reading to learn more about mixed content and how to tell when Firefox has blocked it. __TOC__ =What is mixed content and what are the risks?= [[Template:aboutmixedcontent]] =How can I tell if a page has mixed content?= There are two types of mixed content: mixed passive/display content and mixed active content. The difference lies in the threat level. Look for an icon in your address bar to determine if the page has mixed content. ;{for not fx57}[[Image:green lock 52]]{/for}{for fx57}[[Image:Green Padlock Quantum (Highlighted)]]{/for} ==No mixed content: secure== *[[Image:green lock 42]]: You’ll see a green lock when you are on a fully secure page.{for fx50} To see if Firefox has blocked parts of the page that are not secure, click the green lock icon. For more information, see the [[#w_unblock-mixed-content|Unblock mixed content]] section, below.{/for} {for not fx50} ==Mixed content is blocked: secure== *[[Image:blocked secure 42]]: You'll see a green lock with a grey warning triangle when Firefox has blocked any insecure elements on the page. This means that the page is now secure. Click on the icon to expand the [[Control Center - manage site privacy and security controls|Control Center]] and see more security details about that page. {/for} ==Mixed content is not blocked: not secure == *[[Image:unblocked mixed content 42]]: If you see a lock with a red line over it, the page contains mixed active content and Firefox is not blocking insecure elements. That page is open to eavesdropping and attacks where your personal data from the site could be stolen. Unless you’ve unblocked mixed content using the instructions in the next section, you shouldn’t see this icon. *[[Image: orange triangle grey lock 42]]: A grey lock with an orange triangle indicates that Firefox is not blocking insecure passive content, such as images. By default, Firefox does not block mixed passive content; you will simply see a warning that the page isn't fully secure. Attackers may be able to manipulate parts of the page, for example, by displaying misleading or inappropriate content, but they should not be able to steal your personal data from the site. For more information about mixed active and passive content, see [https://developer.mozilla.org/docs/Web/Security/Mixed_content this Mozilla Developer Network article]. =Unblock mixed content= Unblocking insecure elements is not recommended, but can be done if necessary: #Click the lock icon in the address bar. #Click the arrow on the Control Center: #;{for not fx50}[[Image:unblock mixed content 42]]{/for}{for fx50}[[Image:blocked 52]]{/for} #Click {button Disable protection for now}. #;{for not fx50}[[Image:disable protection 42]]{/for}{for fx50}[[Image:disable blocking 52]]{/for} To enable protection, follow the preceding steps and click {button Enable protection}. {warning}'''Warning:''' Unblocking mixed content can leave you vulnerable to attacks.{/warning} {note}'''Developers:''' If your website is generating security errors because of insecure content, see this MDN article on [https://developer.mozilla.org/docs/Security/MixedContent/How_to_fix_website_with_mixed_content how to fix a website with mixed content].{/note}