How to Disable the “Firefox has blocked content that isn’t secure” Message

I do a lot of work with Firefox, as its developer tools outshine all the other browsers, hands down.  But recently I’ve been getting a lot of sites appearing without CSS.  As it turns out, there’s actually “mixed content” on the page, and the default security setting is to block that content.  Normally I agree with security settings in general, but I know what I’m doing, and this is just a massive annoyance.  There are ways around this though. 

1) You can add the toggle mixed content add-on from here

2) However, my preferred method is to disable the feature in the browser by doing the following.

Enter about:config into the Firefox address bar (confirm the info message in case it shows up) & search for the preference named security.mixed_content.block_active_content. Double-click it and change its value to false.

After this, you’ll be browsing without that annoying security blockage, and everything will feel back to normal.

19 responses to “How to Disable the “Firefox has blocked content that isn’t secure” Message

  1. What does “knowing what you’re doing” have to do with mixed content? If you instruct your browser to load active mixed content on an HTTPS page, you’re destroying the security of all pages on that domain, and probably not just for that visit.

    I’m curious what sites you’re encountering that are broken in Firefox due to mixed content blocking. Especially if they’re somehow not also broken by other browsers.

    Have you tried contacting the site authors, asking them to fix their sites? Any webmaster who goes through the effort of setting up HTTPS would probably want to know if they’re doing something that negates its security.

    1. The issue isn’t always as simple as fixing a webpage. As such, I just work around the problem with the solution presented. If you don’t like the idea – that’s fine – there’s those of us out there that are willing to accept the risks, knowing full well what they are.

  2. Perfect!

    Just what I’m looking for.

    I’m developing a Zendesk App, so I follow the step 2 and works for me.

    Thank you!

  3. Thanks for this which solved a problem with not, over the past few weeks, being able to see a “live” timetable for my local swimming pool. I also recently wasn’t able to make a booking at a local theater because of the same issue, until I used internet explorer. (IE today gave me a warning about insecure content, which prompted me to Google whether that was the problem and hence found your site).

    I wonder how many small businesses are losing trade because of this; and should the issue be highlighted more with web designers and with Mozilla itself?

    Thanks again for the help.

  4. Thank you. The widgets on my IGhome home page like Nooa Weather suddenly were blocked. This restored functionality.

  5. Thanks for the pointer in the right direction and two solutions to the problem. I’m puzzled though, if it’s a security risk, why not allow us to selectively exclude domains from mixed content filtering rather than having to take this extreme “all or nothing” approach.

    My problem was with an internal domain inside my company, which I use reguarly (too often to faff about with a toggle switch), but having to force mixed content means I’ve now had to expose all browsing.

    Now I know what the problem is, I’ll probably run it in IETab and allow mixed content in IE but put Firefox back into filter mode.

    1. Sorry Chris, this is something I wrote 4 years ago. It’s not something I’ve seen since, so I don’t know if the advice still applies in the product today any longer.

  6. There must be a new setting protecting mixed content as toggling security.mixed_content.block_active_content no longer resovle the issue in FireFox.

    I know in the past it had worked. Just wanted to update you on this.

Comments are closed.