2 preferences have been added to block loading contents from non-SSL (
http) sites on SSL (
https) pages. Scripts, stylesheets, plug-in contents, inline frames, Web fonts and WebSockets can be blocked with
security.mixed_content.block_active_content, and other static contents like images, audios and videos can be blocked with
Though both are disabled (
false) by default for now, such contents won’t be loaded if a user enables those preferences. Note that the former preference
security.mixed_content.block_active_content will be enabled by default in a future version of Firefox. Webmasters should make sure not to mix non-SSL contents on SSL pages.