Stopping this message from popping up depends on what browser you’re using. Before I tell you how to fix this, let me first explain what this message is all about.
Become a Patron of Ask Leo! and go ad-free!
When you connect to a site via HTTPS, the remote site fetches the files and other information that appear on your screen using the encrypted HTTPS (‘S’ standing for secure) connection.
HTTPS protects you in a couple of different ways:
- It confirms that you’ve connected to the specific site requested and not some impostor.
- It encrypts the information as it travels between your machine and the server so people can’t listen in on what you’re doing.
HTTPS and regular old HTTP (without the ‘S’) can be used at the same time, and therein lies the problem.
Mixing HTTPS and HTTP
Now, a web page may be fetched using HTTPS, but sometimes, that page also references content using an unencrypted HTTP connection. A great example might be an image on that site.
Typically, the displayed text and information are encrypted and secure, but its often easier for web site developers to leave things like logos, signatures, or just pictures of any sort to be fetched using an unsecure HTTP connection – typically because those items are often used on both HTTP and HTTPS pages. For example a company web site that has a logo on their HTTP home page might use that same image fetched via HTTP when you move into their shopping cart on an HTTPS connection. It’s “just” a logo, and there’s really no security issue in doing so.
For the browser, strictly speaking, this is still a security hole.
Somebody that’s snooping might not be able to see the words or text on the page – the really sensitive information – but they might be able to see the pictures that you’re seeing and from where they’re coming.
Other types of information might also be loaded through HTTP connections, even though your primary connection to the page is HTTPS. That’s why the browser is configured to warn you when this happens. Or if acting more strictly, the browser warns you that it is blocking all unencrypted and unsecure content that’s being referenced by a page that was fetched using HTTPS.
Ultimately the fault really lies with the web site designer’s use of both HTTPS and HTTP information on the same page.
There are lots of reasons why they might, but ultimately, they shouldn’t really be doing this to be secure and the browser is telling you.
How to turn it off
Now, this warning (and variations of it) are common. Lots of web pages still have this problem, and as a result people see the warning message and get annoyed by it.
If you’re using Internet Explorer, go to Tools > Internet Options > Advanced. In the list of various options under Security, uncheck the item that says, “Block unsecured images with other mixed content.” That should make that warning go away.
If you’re using a browser other than Internet Explorer, there will be an option similar to that usually down one of the Advanced Options paths.
As I said, strictly speaking it remains a security issue, but I really don’t think it’s an important issue for most people and most sites, and turning the warning off is OK. What matters most is that your primary connection to the web page – the URL that you enter or are directed to when accessing secure information – uses HTTPS.
6 comments on “Why Does My Browser Warn Me that “Only Secure Content Is Displayed?””
While it probably is remote, what happens if the HTTP site is hijacked? Couldn’t the hijacker use that as a wedge to get your information that you are trying to keep secure (e.g. bank or credit card numbers)?
i get this message when i access public (Wales ) library site so i took Leos advice however the box described was already unchecked
I went and checked the internet tools advanced security and the box you told me to select was already unchecked.
Any other ideas, please. It really does bother me because it takes up a lot of my screen each time until I hit the “go away”.
Leo- out of the blue the message “show content” on bottom of my yahoo mail account, keeps coming up. I followed your recommendation to Internet Option- Advanced, but my “Unblock ” wasn’t even checked! U said to uncheck it- Yahoo gives me much trouble, with my computer! Gmail too, never, ever have an issue. Why is that? Anyhow- beginning yesterday, that message comes up at bottom, every single time & is very annoying. I didn’t change or do anything,- except, my computer did over 100 automatic updates yesterday- so? Since then, this began. I delete 95% of my yahoo emails- most from facebook people. So in-between checking & deleting- that ‘show content’ message comes & I X out of it. Thanks if u can help. Judy B
Interestingly, this message has just started showing up on one site only – yours! Using ie11 on Win 10. Have changed settings to “display mixed content” and it seems to work.
The box is unchecked and the message still pops up. Any other ideas?