Stopping this message from popping up depends on what browser you’re using. Before I tell you how to fix this, let me first explain what this message is all about.
When you connect to a site via HTTPS, the files and other information that appear on your screen are fetched from the remote site using the encrypted HTTPS (‘S’ standing for secure) connection.
HTTPS protects you in a couple of different ways:
- It confirms that you’ve connected to the specific site requested and not some impostor.
- It encrypts the information as it travels between your machine and the server so people can’t listen in on what you’re doing.
HTTPS and regular old HTTP (without the ‘S’) can be used at the same time, and therein lies the problem.
Mixing HTTPS and HTTP
Now, a web page may be fetched using HTTPS, but sometimes, that page also references content using an unencrypted HTTP connection. A great example might be an image on that site.
Typically, the displayed text and information are encrypted and secure, but it’s often easier for web site developers to leave things like logos, signatures, or just pictures of any sort to be fetched using an unsecure HTTP connection – typically because those items are often used on both HTTP and HTTPS pages. For example, a company web site that has a logo on its HTTP home page might use that same image, fetched via HTTP, when you move into its shopping cart on an HTTPS connection. It’s “just” a logo, and there’s really no security issue in doing so.
For the browser, strictly speaking, this is still a security hole.
Somebody that’s snooping might not be able to see the words or text on the page – the really sensitive information – but they might be able to see the pictures that you’re seeing and from where they’re coming.
Other types of information might also be loaded through HTTP connections, even though your primary connection to the page is HTTPS. That’s why the browser is configured to warn you when this happens. Or, if acting more strictly, the browser warns you that it is blocking all unencrypted and unsecure content that’s being referenced by a page that was fetched using HTTPS.
Ultimately the fault really lies with the web site designer’s use of both HTTPS and HTTP information on the same page.
There are lots of reasons why they might, but ultimately, to be secure they really shouldn’t be doing this, and the browser is telling you so.
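For a site owner who wants to find what triggers the warning, here is an added example (not from the original article) that scans a page's HTML for content the browser would fetch over plain HTTP. The hosts and sample page are constructed, and the image/other split follows the distinction drawn above between pictures and other types of information.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "video": "src",
               "audio": "src", "embed": "src", "object": "data", "link": "href"}
# <link> fetches only for some rel values; rel="canonical" is just metadata.
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

# Constructed sample page with hypothetical hosts, not taken from a real site.
SAMPLE_URL = "https://shop.example/cart"
SAMPLE_HTML = """
<link rel="canonical" href="http://shop.example/cart">
<img src="http://shop.example/img/logo.png" alt="logo">
<script src="http://cdn.example/widget.js"></script>
<script src="//cdn.example/app.js"></script>
<a href="http://shop.example/">Home</a>
"""


class MixedContentFinder(HTMLParser):
    """Collect subresources that an HTTPS page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(FETCH_ATTRS.get(tag, ""))  # None for other tags
        rels = set((attrs.get("rel") or "").lower().split())
        if not value or (tag == "link" and not rels & FETCHING_RELS):
            return
        # urljoin resolves relative and "//host/x" references like a browser.
        absolute = urljoin(self.page_url, value.strip())
        if urlsplit(absolute).scheme == "http":
            kind = "image" if tag == "img" else "other"
            self.findings.append((kind, tag, absolute))


def find_mixed_content(page_url, html):
    """Return HTTP subresources of an HTTPS page (empty for an HTTP page)."""
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    print(*find_mixed_content(SAMPLE_URL, SAMPLE_HTML), sep="\n")
```

On the sample page only the logo and the widget script are reported: the protocol-relative script inherits HTTPS from the page, and the canonical link and the ordinary hyperlink are not fetched as part of the page.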
How to turn it off
Now, this warning (and variations of it) is common. Lots of web pages still have this problem, and as a result people see the warning message and get annoyed by it.
If you’re using Internet Explorer, go to Tools > Internet Options > Advanced. In the list of various options under Security, uncheck the item that says, “Block unsecured images with other mixed content.” That should make that warning go away.
If you’re using a browser other than Internet Explorer, there will be a similar option, usually down one of the Advanced Options paths.
As I said, strictly speaking it remains a security issue, but I really don’t think it’s an important issue for most people and most sites, and turning the warning off is OK. What matters most is that your primary connection to the web page – the URL that you enter or are directed to when accessing secure information – uses HTTPS.