What is HTTPS?
HTTPS stands for HTTP Secure. With HTTPS pages, encryption is added to requests sent and received. It has 3 main benefits:
- Authenticity – the browser checks that it has opened the correct website
- Data integrity - the browser can detect if an attacker has changed any data it receives
- Secrecy – the browser can prevent an attacker from eavesdropping on requests, tracking websites visited, or stealing information sent or received
What is mixed content?
Mixed content is where a HTTPS web page which starts with https:// contains links to a sub-resource HTTP page which starts with http://. Examples of sub-resource pages are images, videos, extra HTML, CSS, or JavaScript.
An example would be if you are using a Moodle site where all pages are HTTPS, and you link to a video that is on a HTTP page, then the connection will be only partly encrypted.
Mixed content weakens HTTPS as these requests are vulnerable to an attacker eavesdropping on a connection, and seeing or changing the communication.
How to view blocked mixed content?
By default, mixed content is blocked in Internet Explorer 10+, Firefox 23+ and Chrome 21+. When mixed content is blocked, you will see a blank page or ‘Only secure content is displayed’.
Firefox
- Go to the top of the page, left of the address bar, and click the shield icon
- In the pop-up window, click the down arrow next to ‘Options’, and click ‘Disable protection for now’
Chrome
- Click the shield icon on the right side of the address bar
- In the icon dialog box, click ‘Load unsafe scripts’
Internet Explorer
- Go to the bottom of the screen, and click ‘Show all content’
Comments
0 comments
Please sign in to leave a comment.