Web design & marketing tips by Ironpaper

Mozilla Firefox 23 to take a hard line against mixed SSL web content

Written by Ironpaper | Apr 10, 2013 4:20:10 PM

Mozilla Firefox 23 is taking a stance against a common bad practice of websites providing mixed secure SSL and non-SSL content on a web page. This update is actually a big change for the web browser. Many browsers have ignored the practice and allowed for mixing SSL content with non-SSL content on the same page.

Stop mixed SSL and non-SSL content

The practice nullifies the benefit of employing SSL for users. For example, what if a session cookie containing login info is part of the non-SSL content delivered to a user.

The new Firefox browser version will make this security preference default.

security.mixed_content.block_active_content

Web elements that will be affected by the new Firefox security blocker will include insecure scripts, stylesheets, plug-in contents, inline frames, Web fonts and WebSockets.