This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How safe is a website with some passive insecure content?

more options

On some websites I visit the icon in the address bar is a grey padlock with an orange warning triangle. These same websites show up as unsecured in Chrome and Edge as well. Although I've been assured by the site owner(s), in this case Tracfone, that any information I enter is safe, I kinda need some reassurances that it is indeed before I enter CC financial information.

I've read the section about mixed passive content but remain unclear.

Thanks.

On some websites I visit the icon in the address bar is a grey padlock with an orange warning triangle. These same websites show up as unsecured in Chrome and Edge as well. Although I've been assured by the site owner(s), in this case Tracfone, that any information I enter is safe, I kinda need some reassurances that it is indeed before I enter CC financial information. I've read the section about mixed passive content but remain unclear. Thanks.

All Replies (1)

more options

Let's assume the best case scenario, that the insecure content consists of images served by the site itself on HTTP instead of HTTPS. Why are they doing that?!

To confirm what it actually is, you can try this:

Open Firefox's Web Console in the lower part of the tab using either:

  • "3-bar" menu button > Web Developer > Web Console
  • (menu bar) Tools > Web Developer > Web Console
  • (Windows) Ctrl+Shift+k

In the search box that has "Filter output" as its placeholder, type mixed and then reload the page in the upper part of the tab. Firefox should identify the mixed content and you can evaluate whether it is from a trusted site or is something that doesn't belong in the page.

If it's from the site and they were just a bit sloppy (!!), it's unlikely they will try to steal any information about your session with their own site. If it's from a different or unrelated site, that would be suspicious. I think it's preferable not to have any mixed content for important accounts.