Mozilla plans to launch a new feature in Firefox 60 that upgrades optionally-blockable mixed content on HTTPS sites to HTTPS if possible.
The migration to an HTTPS powered World Wide Web is in full swing. One of the byproducts of the migration is that some sites may load HTTPS and HTTP content. This is called Mixed Content and it is undesirable as it reduces security and privacy if loaded.
Mixed Content is divided into blockable and optionally-blockable content. Modern web browsers block any content that may interfere with the display of data on HTTPS web pages if it is loaded using HTTP.
Think of a script that is loaded from an HTTP resource on an HTTPS site. Browsers don't block optionally-blockable content usually on the other hand. This is static content such as images or videos that can't interfere with the web page or data directly.
Firefox displays a different lock symbol on sites with mixed content that is optionally blockable. The browser displays a green lock symbol on HTTPS sites without mixed content.
While optionally-blockable mixed content is less dangerous than blockable mixed content, it is still problematic from a privacy point of view.
Mozilla Firefox 60 includes a feature that changes the browser's behavior when it comes to mixed content that is optionally blockable.
Firefox attempts to load mixed content that is optionally blockable from HTTPS domains instead of the referenced HTTP domains. If the resource cannot be loaded, it is not displayed at all. This can lead to image, video or audio content not being shown correctly in the browser because of the change.
The limitation is likely the main reason why Mozilla won't activate the feature by default in Firefox 60.
The feature won't be enabled by default in Firefox 60 but users can set it to enabled in the following way:
You can revert the change at any time by setting the preference to false, or by right-clicking on it and selecting the reset option from the context menu.
Now You: Do you care about mixed content? (via Sören)
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.