When you send sensitive or personal information over the internet, most responsible websites use an SSL/TLS-encrypted connection (also known as HTTPS or a secure connection). This way, anything that you send to or receive from the website is encrypted, and anybody trying to intercept the data in transit gets nothing but encrypted data, which is useless to them. But when implementing HTTPS, some websites make the mistake of mixing secure and insecure content, i.e., some of the content is loaded through the encrypted connection while the rest is loaded through an insecure, unencrypted connection. This can put the sensitive information that you send at risk. Such websites are said to serve mixed content.
When you visit a mixed-content website in Mozilla Firefox, it changes the favicon to a gray warning sign indicating that “although this site is loaded through an encrypted connection, some of the elements are still being loaded through an insecure, unencrypted connection and might jeopardize your data security”.
But this warning sign does not always mean that the website is insecure or compromised. Sometimes the elements that are loaded insecurely over HTTP come from a Firefox add-on, or are logos or images that do not pose any threat to data encryption.
So before you fret about a mixed-content website and start thinking about the worst possible scenarios, you should check which content is loading insecurely on the website. If this content is from an add-on or is just a logo image, then you do not really have to worry much. But if the insecure content is active content (Flash, scripts, etc.), then you should not use the website to send any sensitive information like a password or financial information.
To find which insecure content is being loaded on a website in Firefox, press the hotkey Ctrl+Shift+J to open the Browser Console window. In this window, type “mixed” or “insecure” in the search box. This will show you all the warnings about mixed content.
A typical warning about mixed content goes like this: “Loading mixed (insecure) display content on a secure page ‘http://www.dummysite.com/logo.png’”. You can see whether the content is loaded from a third-party site or from a browser add-on. In the above screenshot of a YouTube URL, the insecure content is not from YouTube but from a Firefox extension.
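The same triage can be made from the page's own markup. The following is an added example, not code from the original article: it lists the http:// subresources of an HTTPS page and separates active content from display content. The function names, the cdn.example host and the sample records are constructed for illustration; requests made by add-ons or by scripts at run time do not appear in the markup, so the Browser Console remains the fuller view.

```javascript
// Added example: triage insecure (http://) subresources of an HTTPS page.
// Tags whose content can run code or restyle the page count as active here
// (assumption: "link" records are stylesheets); everything else is display.
const ACTIVE_TAGS = new Set(["script", "iframe", "object", "embed", "link"]);

// pageUrl: address of the page; resources: array of { tag, url } records.
function triageMixedContent(pageUrl, resources) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return []; // only secure pages can be "mixed"
  const findings = [];
  for (const { tag, url } of resources) {
    let target; // new URL() resolves relative and //host/path URLs against the page
    try { target = new URL(url, page); } catch (_) { continue; }
    if (target.protocol !== "http:") continue; // https:, data:, blob: are fine
    const kind = ACTIVE_TAGS.has(tag.toLowerCase()) ? "active" : "display";
    findings.push({
      kind,
      url: target.href,
      thirdParty: target.hostname !== page.hostname,
      advice: kind === "active" ? "do not send sensitive data" : "low risk",
    });
  }
  // Active findings first, since they decide whether the page can be trusted.
  return findings.sort((a, b) => (a.kind === b.kind ? 0 : a.kind === "active" ? -1 : 1));
}

// Browser only: build the records from elements that reference a URL.
function collectFromDom(doc) {
  const nodes = doc.querySelectorAll("[src], link[rel~='stylesheet'][href], object[data]");
  return Array.from(nodes, (n) => ({
    tag: n.tagName,
    url: n.getAttribute("src") || n.getAttribute("href") || n.getAttribute("data"),
  }));
}

// Constructed sample records, used when no DOM is available (e.g. Node.js).
const SAMPLE = [
  { tag: "IMG", url: "http://www.dummysite.com/logo.png" },
  { tag: "SCRIPT", url: "http://cdn.example/widget.js" },
  { tag: "IMG", url: "/img/banner.png" }, // inherits https from the page
  { tag: "SCRIPT", url: "//cdn.example/lib.js" }, // protocol-relative, also https
];

const inBrowser = typeof document !== "undefined";
console.table(inBrowser ? triageMixedContent(location.href, collectFromDom(document))
  : triageMixedContent("https://www.dummysite.com/login", SAMPLE));
```

To run it against a live page, paste it into the Web Console of the tab being examined rather than the Browser Console, whose document is the browser's own window.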
Conclusion: Mixed content on a website indicates that the site administrator did a hurried job, and you should always check which insecure content is being loaded in order to stay on the safe side. Using the Browser Console, a feature used mostly by web designers, you can find out which insecure or mixed content a website is loading.