Read more

Firefox: Inspecting mixed content warnings (and how to enable them)

Arne Hartherz
October 29, 2012Software engineer at makandra GmbH

Having your site run on SSL is worthless when you include content over an unsafe connection (HTTP).

Illustration online protection

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

  • Prevents you from data breaches and liability risks
  • Upgrade at your own pace
  • Works with modern Rubies
Read more Show archive.org snapshot

Here is how to hunt down mixed content with Firefox.

How to enable mixed content alerts

If your Firefox does not warn you about mixed content on pages (mine did not), you can enable it again:

Visit about:config and search for security.warn_viewing_mixed. If it's set to false, set it back to true again.

Seeing which URLs are fetched from unsecured connections

Firefox 16+ will show you mixed content in its "Web Console".
Open it from the "Tools" menu or by pressing Ctrl + Shift + K.

Requests appear in black text. If you are on a secure connection, mixed content from HTTP sites will appear in red.

If there are too many requests in the log, you can use the filter field on the top right and put "http://" in it.

Posted by Arne Hartherz to makandra dev (2012-10-29 15:32)