Firefox: disable "This Connection is not Secure" warnings

Martin Brinkmann
Jun 13, 2017

Firefox displays "This Connection is not Secure. Logins entered here could be compromised" warning messages when sites don't protect their login pages with HTTPS.

The idea behind the feature is to display a visual reminder to Firefox users that the data that they enter into a form is not protected when they hit the login or submit button on websites that don't use HTTPS.

While that is a handy reminder for many inexperienced Firefox users, experienced users may not find it super handy to have.

The main reason for that is that you can look at the page address, or the lock icon, displayed in the browser's address bar to see the same thing. If there is a red strike-through lock icon, and if the site is not using https, then anything that you enter on the site and submit is not encrypted and thus readable.

This Connection is not Secure

this connection is not secure

The prompt, as useful as it may be to some users, may cause two issues for other users. First, it prevents that login information is filled out automatically on affected sites.

Firefox's password manager won't fill out the information automatically, so that you need to do so manually in some way. This may be the sane thing to do on new sites, but if you are a regular on a site that has not just yet switched to HTTPS, you may trust the site enough to want Firefox to continue filling out the information to improve the login process.

The second issue is not as dramatic, but the prompt may overshadow other page elements. If the username and password prompt are displayed vertically, the username prompt warning may overshadow the password field.

Mozilla notes that you can just hit Enter to dismiss it, but this did not work for me. Whenever I hit the Enter-key, the data was submitted. Clicking outside the box helps however and dismisses the box.

Disabling the contextual warning

security insecure field firefox

Here is how you disable the "this connection is not secure" warning in Firefox:

  1. Load about:config in the Firefox address bar and hit the Enter-key.
  2. Search for security.insecure_field_warning.contextual.enabled.
  3. Double-click the preference.

The default value of the preference is true, which means that the feature is enabled and that Firefox will display warning prompts when you activate insecure login fields. If you set it to false, those warnings are not shown.

Toggling the preference won't have any effect on the automatic filling out of forms on HTTP pages.

firefox autofill http

You need to modify another preference of the Firefox web browser for that.

  1. Open the about:config page again.
  2. Search for signon.autofillForms.http.
  3. Double-click the preference.

The default value of false prevents the Firefox web browser from filling out form information on HTTP pages. If you set it to true, Firefox will auto-fill form pages on HTTP pages as well.

Closing Words

The warnings will become less and less as time passes as more and more sites will migrate to HTTPS.  The warnings may raise awareness, and that is definitely a good thing. Statistics on how many users are leaving the login pages of sites where the warning message is displayed would be useful

Now You: Do you find the prompts useful?

Firefox: disable
Article Name
Firefox: disable "This Connection is not Secure" warnings
Find out how to disable the "This Connection is not secure" warning message in Firefox when you try to log in to websites using the browser.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Anonymous said on March 15, 2023 at 9:53 pm

    nice. it was helpful

  2. EpsilonAlpha said on October 1, 2022 at 5:27 am

    If i find it useful? Since security.insecure_field_warning.contextual.enabled = false doesn’t work anymore, the most useful thing i can do is to kill firefox of my computer!

    Such a bullshit sry, but that’s ridiclous! There are countless devices which are not encrypted, like for example my router in my home network! And that bullshit browser doesn’t let me log into it, fuck off firefox! I switch back to chrome even when i know, my things get tracked there because i need something that works!

  3. Robert said on September 11, 2022 at 1:44 pm

    The security.insecure_field_warning.contextual.enabled = false setting has stopped working for me. It does not work in Firefox 104.0.2 in Debian.

  4. thomas edison said on July 16, 2019 at 9:57 am

    This works for me …

  5. Ariyaratne said on March 3, 2019 at 5:14 pm

    I uninstalled Kaspesky internet security software. I problem disappeared.

  6. aaaa said on January 18, 2019 at 2:45 pm


  7. Anonymous said on October 22, 2018 at 9:34 pm

    Maybe I have a related problem. The more recent pop-up is “SEC_ERROR_UNKNOWN_ISSUER” which occurs even on most https sites.

  8. gdwitt said on October 22, 2018 at 9:32 pm

    This doesn’t work from within my corporate intranet. I’ve tried it over several days. About 80% of external tech sites cause this error. It is very challenging to find anything without adding exceptions that get erased.

  9. Ulf said on January 30, 2018 at 11:00 pm

    Firefox continues to annoy me with this kind of crap. My first reaction was to switch to Chrome.

  10. Roberto said on December 9, 2017 at 9:12 am

    Still I can’t open the page I want. Im going to use Chrome :-(

  11. SherwoodSpirit said on November 9, 2017 at 9:59 pm

    The warnings come up on (and interfere with) our company internal pages that we must use to log and track our jobs. No one outside this company would give the slightest shit about what’s on these pages. So the warnings are a constant useless annoyance. Thanks for providing the means to make them go the hell away. Firefox has become so consistently annoying in the last couple years. Don’t get me started on New Tab behavior. Ugh.

  12. hector said on October 10, 2017 at 4:56 am

    thanks to this stupid alert I have two fuckings hours dealing with selenium because when I execute the method accept in the alert. it redirects me to the main page of login, thank you so much firefox for wasting my time.

  13. Anonymous said on August 23, 2017 at 7:35 am

    Thanks a lot. that was useful.

  14. shoey said on July 29, 2017 at 5:43 am

    i have windows 10. i tried the 2 steps above but it still doesnt work, still say connection not secure, any suggestions?

  15. Mr Janus said on July 16, 2017 at 8:49 pm

    Thanks for this info. I run a remote desktop connection to my server, where I login to my SmarterMail installation for administration purposes. Whilst I can see how these warnings might have some use, they are just annoying on LAN based remote desktop connections. They also prove to be extremely annoying in login boxes, where the warning obscures the bottom text entry box… as is the case with SmarterMail.

    Sadly, this is all too common with Firefox’s attitude to users and functionality. It’s a case of “Sod the users, let’s just make a point”. Thankfully, there are users like yourself who are providing the solutions that the Firefox team couldn’t be bothered to think about. They need to remove the blinkers every now and again and take a good look at the real world.

    1. ikomrad said on May 23, 2021 at 7:17 pm

      I agree. It’s still a problem in 2021. I run a bunch of internal servers on my home lan without installing certificates on their web interfaces.

      Firefox will never learn.

  16. Juris said on June 25, 2017 at 7:17 pm

    Thanks. Very help me!!! :)

  17. mikef90000 said on June 13, 2017 at 10:27 pm

    This feature doesn’t bother me as I rarely encounter it.
    What is Far more annoying are the useless dialogs that complain about an ‘invalid (https) site configuration’ or somesuch AND REFUSE to provide more details AND an option to ‘Proceed With Caution’.

    The unsupervised dev-children at Mozilla are Really starting to annoy me.

  18. dmacleo said on June 13, 2017 at 9:03 pm

    anyone know if this can be applied through a group policy setting on windows domain?
    have not dug into firefox adm files to see.

  19. Clairvaux said on June 13, 2017 at 5:41 pm

    What takes the biscuit is when you get a warning — not this type, the one that covers the whole page and refuses to take you there, saying the site is not secure or something — for security-related sites.

  20. jasray said on June 13, 2017 at 4:01 pm

    “A site that has not just yet switched to HTTPS” needs to be avoided. An SSL Certificate is inexpensive enough for any site that is worth visiting. If the admin of a site is so inexperienced and cheap that he/she won’t/can’t’ add a simple feature, then the site should be boycotted, blocked, avoided, denounced, trashed, hacked–whatever it takes–to wake the lazy creature from the slumber of stupidity and gross negligence. SSL is really a feature that tells visitors that “We care.”

    Donation Coder, by the way, uses https://–

    1. andy said on December 1, 2017 at 3:25 pm

      How is an ssl certificate cheap. Most I have seen cost money and as I only play with websites as a hobby I dont need to be tolld its insecure.

      whats worse is not being able to access my webhost manager as even adding an exception leads to a 404.

      its more money grabbing for someone.

    2. duffy said on June 18, 2017 at 12:04 am

      Not true. If it’s an informational site there is no value in making it https. Especially if there are no accounts involved. Sure I believe responsible sites -should- do it. There is no danger in going to it, other than pissing off https zealots, and that might be a good reason to leave it at just http, just knowing there are such zealots rage quitting your site.

  21. b said on June 13, 2017 at 12:15 pm

    I find this feature very useful. as for sites that I visit regularly, I recently chose to send a mail( alias of course ) with screenshots asking politely if they would please consider to migrate to HTTPs. so far 2 sites did.

  22. Curtis K said on June 13, 2017 at 12:09 pm

    An company/developer (stupid) reported about this on BMO (Bugzilla @Mozilla) called: Oil and Gas International (search Oil and Gas International Mozilla) see and

  23. Thorky said on June 13, 2017 at 8:52 am

    Hi, has signon.autofillForms.http to be on false (default) oder true?

    Please don’t set a dot behind about:config-terms like signon.autofillForms.http … some guys may copy the dot too, which causes trouble. ;)

    1. Martin Brinkmann said on June 13, 2017 at 8:56 am

      If you want auto fill on insecure pages (HTTP), you set the value to true.

  24. Skyfoogle69 said on June 13, 2017 at 8:26 am

    “but if you are a regular on a site that has not just yet switched to HTTPS, you may trust the site enough to want Firefox to continue filling out the information to improve the login process.”

    It doesn’t have anything to do with trusting the site tho, does it? The website sees what your doing anyway. Correct me if I’m wrong but isn’t https more for protection of man-in-the-middle attacks then for anything else? Requested http sites can be manipulated and read from anybody inside your local network as well as from anybody else that sits between you and the actual site.

    So it’s not actually about trusting the website but trusting your local network, your ISP etc.

    1. Martin Brinkmann said on June 13, 2017 at 8:28 am

      You are right, that is the most important factor.

  25. Elias Fotinis said on June 13, 2017 at 8:13 am

    Anyone in programming, I.T. or customer support knows that these things are totally useless. Just a mild annoyance to those who know what they’re doing. The rest will click through everything. We already have popups about cookies, fullscreen, location, camera/mic. Why not just put up a giant warning when starting a session, saying “The internet is bad, mmmmkay?” You really can’t teach adults how to be careful, trustworthy, responsible, etc. Not by laws and certainly not by warning labels.

    1. Jed said on June 13, 2017 at 2:36 pm

      > You really can’t teach adults how to be careful, trustworthy, responsible, etc. Not by laws and certainly not by warning labels.

      That’s untrue, see the food market as an example. Informed users make decisions based on information provided, it just needs to be presented in a way that lets us take a decision after just a quick glance at it.

      Warning fatigue is slightly different and is indeed related to “getting in the way” and “being obnoxious”.

    2. Skyfoogle69 said on June 13, 2017 at 8:33 am

      I agree that the cookie warnings are just unnecessarily annoying. However, I definitely think that it’s a good thing, that your browser asks you, if you want to share your location data or if you want to give the site access to your mic/camera. Otherwise everybody would just do it. Or would you prefer e. g. Google listening and literally watching you all the time?

      1. Lionman said on August 25, 2017 at 1:26 pm

        > Or would you prefer e. g. Google listening and literally watching you all the time?
        You don’t really have a choice.
        As if a single half-assed notification will stop Google Analytics from keeping watch on you.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.