What is HTTPS?
HTTPS stands for HTTP Secure. With HTTPS pages, encryption is added to requests sent and received. It has 3 main benefits:
- Authenticity – the browser checks that it has opened the correct website
- Data integrity - the browser can detect if an attacker has changed any data it receives
- Secrecy – the browser can prevent an attacker from eavesdropping on requests, tracking websites visited, or stealing information sent or received
What is mixed content?
An example would be if you are using a Moodle site where all pages are HTTPS, and you link to a video that is on a HTTP page, then the connection will be only partly encrypted.
Mixed content weakens HTTPS as these requests are vulnerable to an attacker eavesdropping on a connection, and seeing or changing the communication.
How to view blocked mixed content?
By default, mixed content is blocked in Internet Explorer 10+, Firefox 23+ and Chrome 21+. When mixed content is blocked, you will see a blank page or ‘Only secure content is displayed’.
- Go to the top of the page, left of the address bar, and click the shield icon
- In the pop-up window, click the down arrow next to ‘Options’, and click ‘Disable protection for now’
- Click the shield icon on the right side of the address bar
- In the icon dialog box, click ‘Load unsafe scripts’
- Go to the bottom of the screen, and click ‘Show all content’