This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

HTTPS displays as non secure for RBC bank

more options

I went to the web site "https://jobs.rbc.com/ca/en" and Firefox shows lock with a caution symbol icon, see enclosed. However when I open "web developer" then "network" to view what part is not secure none of the components are insecure even when I scroll through the list.

Why does Firefox 64 show the site as insecure?

I went to the web site "https://jobs.rbc.com/ca/en" and Firefox shows lock with a caution symbol icon, see enclosed. However when I open "web developer" then "network" to view what part is not secure none of the components are insecure even when I scroll through the list. Why does Firefox 64 show the site as insecure?
Attached screenshots

Modified by Mace2

All Replies (7)

more options

Hello mace2,

Would you please take a look at this article :

https://support.mozilla.org/en-US/kb/mixed-content-blocking-firefox

When you scroll down some, you will see :

A grey lock with an orange triangle indicates that Firefox is not blocking insecure passive content, such as images. By default, Firefox does not block mixed passive content; you will simply see a warning that the page isn't fully secure. Attackers may be able to manipulate parts of the page, for example, by displaying misleading or inappropriate content, but they should not be able to steal your personal data from the site.

more options

I see the shield icon indicating that Content Blocking is active. You can check the Web Console tab to see more detail about what content is blocked by CB and what content is loaded over an open HTTP connection causing the exclamation mark to appear.

more options

The web console shows the following info that the network view did not initial.

Loading mixed (insecure) display content “http://assets.phenompeople.com/CareerConnectResources/RBCAA0088/en_ca/desktop/assets/images/thumb/bup/I&TS.png” on a secure page[Learn More]

I am still not sure why the network view did not show the insecure value. It does now

more options

Attached the now working view from "web developer" "network" showing non https components.

more options

I am using FF64.0.2 and click the link and clicked the login and got no warning about security.

more options

If you would hover such an image then you should see a preview. This is a problem with the website. Firefox merely warns you by showing an exclamation mark attached to the padlock. You can contact the website to inform them about this insecure mixed content on their pages.

more options

I would not expect to see that on the bank's own secure pages, but these job listings might not be equally secure because they could contain "user generated content" on HTTP paths that the person submitting the listing never tested in a secure context (or didn't care!).