We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Natao arisiva ity resaka mitohy ity. Mametraha fanontaniana azafady raha mila fanampiana.

Firefox Lists Site as Connection Not Secure

more options

Using Firefox 99.0 (64 bit) on Windows 10 I get "connection not secure" even though the website certificate appears valid for https://primelab.io I have also tried this on my Macbook with the same result. If I use Chrome on my Macbook or Windows 10 the website says its secure. Is there a test that I can run to see whats causing https://primelab.io to come up as Connection Not Secure in Firefox?

Using Firefox 99.0 (64 bit) on Windows 10 I get "connection not secure" even though the website certificate appears valid for https://primelab.io I have also tried this on my Macbook with the same result. If I use Chrome on my Macbook or Windows 10 the website says its secure. Is there a test that I can run to see whats causing https://primelab.io to come up as Connection Not Secure in Firefox?
Sarin'efijery napaingotra

All Replies (2)

more options

Looks like parts of the website are not secure. When I have HTTPS-Only mode enabled then it comes across as secure. ( Tools -> Settings -> Privacy & Security -> HTTPS-Only Mode section. )

Looking at the source code of the page, looks like there are a couple images being loaded with HTTP protocol which is probably causing the mixed response message.

more options

The attached screenshot showing what images loaded and what the DevTools console says about the insecure images, is from my old test page: https://www.jeffersonscher.com/res/mixed-display.html. You can choose the experience you prefer:

(1) Allow mixed: load insecure display content (images) into secure pages, show the warning lock icon (default in Firefox)

(2) Load upgradable images: try upgrading http to https on display content URLs, show a broken image icon if the source site doesn't support https (default in Chrome; hidden option in Firefox)

(3) Ignore insecure images: do not attempt to load insecure display content into secure pages, show a broken image icon for those images (hidden option in Firefox)


And here's how you play with it:

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future. Since we have had this setting for a long time and I use it myself, I feel comfortable mentioning it.

(B) In the search box in the page, type or paste display_content and pause while the list is filtered

Firefox should display two preferences:

  • security.mixed_content.block_display_content
  • security.mixed_content.upgrade_display_content

If you want option (1) -- Firefox default:

(C) Set the preferences as follows:

  • security.mixed_content.block_display_content => false (if needed, double-click to switch true to false)
  • security.mixed_content.upgrade_display_content => false (if needed, double-click to switch true to false)

If you want option (2) -- like Chrome:

(C) Set the preferences as follows:

  • security.mixed_content.block_display_content => either works
  • security.mixed_content.upgrade_display_content => true (double-click to switch false to true)

If you want option (3) -- obsolete now that we have option (2):

(C) Set the preferences as follows:

  • security.mixed_content.block_display_content => true (double-click to switch false to true)
  • security.mixed_content.upgrade_display_content => false (if needed, double-click to switch true to false)