As we know, Mozilla is a user-friendly and in-demand browser that frequently changes its version in order to provide a better user experience. Recently, Mozilla announced that a big change in its browser’s version – 23 is on the way. The reason behind this hype is upcoming web standards that will ban Mixed SSL content on the Firefox browser. Many websites use mixed SSL content with non-SSL content on the same page like HTTP and HTTPS.
Having mixed SSL content can reduce the effectiveness of SSL security for your eCommerce business. Although this will not cause any harm to your website’s security; the browser will not only show the warning message but also will block the mixed contents.
“That means insecure scripts, style sheets, plug-in contents, inline frames, web fonts and web sockets are blocked on secure pages, and a notification is displayed instead,” Mozilla developer said in her blog post.
Rather to break the pattern of web experience, this update will secure the web experience in a fresh way.
Why say “NO” to Mixed Content:
Why this update is coming? As per the security engineer of Mozilla “When the HTTPS page has HTTP content we called it a mixed content”. The webpage that the user is visiting is partially encrypted so attackers can easily take benefit of partially encrypted content. It is better to remove mixed content from the upcoming version and provides complete security to users. The Mixed content blocker will block HTTP requests on HTTPS pages. Mixing both HTTPS and HTTP can create an error message in your browser as well. To prevent such situation it is desirable not to use mixed up content with HTTP and HTTPS while developing your website.
Larissa Co – a member of Mozilla’s user experience team has developed a security UX framework for a mixed content blockers that is described below.
- If a user visits an HTTPS page with mixed content they will see the below browser image.
- When a user clicks on the shield, he will find the following image in browser.
- If a user does not want to block then, select Not Now option.
- However if a user select “Disable Protection on This Page” then all mixed content will load on HTTPS page and a yellow padlock will appear showing warning.
Firefox version-23 Aurora (pre-Beta) will be released on May 17, 2013. The new version is to enhance the security for users. However, it will not choke up “display content” like images, videos, or audio.
If you are running, an eCommerce business then it is recommended to encrypt your site with SSL Certificate security to avoid unexpected threats or hacking. You should avoid using mixed content (absolute and relative path) on your website while developing your website. This kind of small error invites hackers; you can prevent this by following advice for your valuable clients’ security and avoiding errors and warnings. Develop your website’s pages with the relative paths so, browsers can easily access your website (without any warnings or errors) and clients can get enhanced security on your eCommerce websites.
Image Courtesy: blog.mozilla.org