FYI: Preferences to prevent non-SSL contents on SSL pages from loading have been added

Published: | Categories: Privacy & Security | Creative Commons BY-SA 3.0


2 preferences have been added to block loading contents from non-SSL (http) sites on SSL (https) pages. Scripts, stylesheets, plug-in contents, inline frames, Web fonts and WebSockets can be blocked with security.mixed_content.block_active_content, and other static contents like images, audios and videos can be blocked with security.mixed_content.block_display_content.

Though both are disabled (false) by default for now, such contents won’t be loaded if a user enables those preferences. Note that the former preference security.mixed_content.block_active_content will be enabled by default in a future version of Firefox. Webmasters should make sure not to mix non-SSL contents on SSL pages.