Connection is not secure, gray lock with yellow triangle on it
Hi, When I go to a very well and popular website www.twitch.tv I see a gray padlock with a yellow triangle on it, it says "connection is not secure" in red.... It also says when I click on the tab "your connection is not private and information you share with this site could be viewed by others... this website contains content that is not secure such as images" Does this mean people that come to the site or people that operate the site will be able to see my personal information such as passwords? I am confused because this is a very popular site that has millions of viewers and followers.. Can someone please explain what this is and is it not safe for me to use this site? Thank you soo much I really appreciate it.....
All Replies (7)
Also wanted to add is this something that only I see or everyone that uses firefox that goes to this website see the same thing as me? Thank you soo much...christhegamer
Ti ṣàtúnṣe
There is "mixed content" in the page. If you check the Page Info dialog, Media panel, you can see various images are embedded using HTTP rather than HTTPS. Screen shot attached.
How dangerous is that? Firefox will completely block the most dangerous insecure content. The reason images are allowed with only a warning is that it's quite difficult to steal information out of a page with images. This article has more information: Mixed content blocking in Firefox.
Ti ṣàtúnṣe
Hello jscher2000, thank you for your quick response... So is the website perfectly safe from other users on the site obtaining my personal information? Also is this something that everyone sees on the site twitch.tv? Like does everyone who is using firefox see this same gray padlock with a yellow triangle on it image? Thank you so much for your help this is my last question....
Ti ṣàtúnṣe
I can only speak for myself and I see it, as illustrated in my screenshot.
In this case, the insecure images seem to be hosted on separate servers:
- static-cdn.jtvnw.net
- s.jtvnw.net
The fact that these are hosted on a different server is important and helpful.
The reason is that mixed content from the same server could leak cookies. What I mean is, the main server is going to set cookies that identify your session so as you browse the site, the site knows exactly who you are. When those cookies are sent with a request for an HTTPS page or image, the cookies are encrypted. However, if they are sent with a request for an HTTP page or image, they are not encrypted.
This would be of greatest concern on an open (insecure) wi-fi connection where it is not uncommon for people to be listening. If someone captures your current session cookies and the site is not designed to prevent session hijacking, then that user might be able to take any action you could take. This is why it is often recommended to use a VPN on any public wi-fi.
Again, in this case, since the insecure content on this page is from a completely different server, that's not a risk on this page.
Oh ok thank you soo much for all your helpful information, so great it seems that everyone sees the same thing that I see right? the gray lock with the yellow triangle... If someone can just confirm that everyone sees that on the twitch.tv page.. Thank you soo much guys...
As was posted in first link "Because this project is a gradual process, you may see mixed content warnings from your browser telling you that different sections of a page have different levels of security applied. These mixed content warnings are all part of the update process"
Perfectly normal to see it in meantime and the Settings and Payments options are on https.