How can I stop Tracking Protection forcing a website to appear as text only? ("Connection not secure")
I have been using the forums at https://www.nsxprime.com/forum/ for years but recently both of my computers display the forums as text only, nmaking it unusable.
When I click the yellow exclamation mark preceding site URL address it tells me "Connection not secure. Parts of this page are not secure (such as images)". The is an option to "Disable Protection for now" but this only works one page at a time, so I have to disable protection for each new page.
Note this does not occur 1) when I access the same site in Chrome 2) for other users on NSXprime 3) on any other sites I access in my (daily) use of Firefox
I cannot find a way around this and I am commited to Firefox, so any and all suggestions appreciated.
(PS: I have a couple of relevent screenshots but the Browse & Upload function never completes here)
Chosen solution
ninja2 said
Wondering what is different about Safe Mode and why it would be working when normal mode is not?
One possible culprit would be an extension; extensions are disabled in Safe Mode. You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:
- Ctrl+Shift+a (Mac: Command+Shift+a)
- "3-bar" menu button (or Tools menu) > Add-ons
- type or paste about:addons in the address bar and press Enter/Return
In the left column of the Add-ons page, click Extensions. Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything that seems related to connection security or HTTPS? If in doubt, disable (or remove).
Any difference?
Read this answer in context 👍 1All Replies (20)
Try disabling Tracking Protection {web link}
I did go into options before posting my question and set Tracking Protection to "Never" - I assume this means disabled?
Sadly it made no difference, partly why I posted this question.
Finally got a few screen snippets to load ... see attached.
I notice the button in my 3rd snippet says "Disable Protection for now" and this is not what I see in the help link provided by FredMcD where the button is labelled "Disable Protection for this site". I would like that latter option, but it's not available for me?
Also curious that Chrome displays this site normally, while Firefox doesn't.
Modified
The second screenshot is not about Tracking Protection, but about mixed content.
What are the current pref settings for blocking mixed content?
- security.mixed_content.block_active_content
- security.mixed_content.block_display_content
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
You can check the Web Console for more detail about what content this is about.
The screenshots also suggest that CSS files are blocked. This could mean that the website is meant to be accessed via an open HTTP connection and not via a secure HTTP connection, so give that a try the change the protocol to http://.
I'm a bit out of my depth but I thought mixed content is a subset of Tracking Protection?
My mixed content settings are shown in attached (active content: true, display content: false)
Entering http:// address makes no difference as it immediately reverts to https:// anyway.
I'm new to Web Console but found how to open it OK. Looks like pretty much everything to do with active and display content are being blocked. (see attached).
Modified
I'm currently getting a 500 "Internal Server Error" response code from the site, so I can't confirm my suspicion.
Which is this:
Based on what you have reported, this site is not meant to be accessed using HTTPS. For now, you will need to use an HTTP address for full functionality, and you can encourage them to reconfigure their site for HTTPS for everyone's benefit.
If you encounter this problem often, you might be using an extension which tries to upgrade your connections from HTTP to HTTPS, such as HTTPS Everywhere. If you get an error page when you first do this, often it indicates that the certificate is for a different site. That's your big red flag that the site is not set up for HTTPS and although you can try to force it, that's going to be frustrating and probably give you a broken experience.
If you edit the address bar from https:// back to http:// and load the site that way, hopefully it will work normally.
hmmm ... as I said editting https:// to http:// makes no difference as it reverts to https://
To be fair I did try again just now however I also see the site is down at present (very unusual!) and even if I use Chrome. I expect it will be back up soon.
BTW the target site is a very large, long standing and popular site with many users online all the time. I did post on their site seeking help a few days ago, but so far I'm the only one reporting the issue there.
ninja2 said
hmmm ... as I said editting https:// to http:// makes no difference as it reverts to https://
And you don't use any extensions that might be forcing that?
well I usually use this bookmarked URL: http://www.nsxprime.com/forum/forum.php sorry I don't know if .php extension forces https ... beyond my pay grade :)
BTW the NSXprime website is still down (HTTP Error 500) so looks they have a serious problem, but probably unrelated to my issue. (I have been experiencing my Tracking Protection/mixed_content issue for > 1 week and they only went down today)
Modified
http://www.nsxprime.com/forum/forum.php
Is still down.
yep ... I'll reply here once it's back up.
OK the site is back up and the site administrator has responded to my query on this issue.
In case that link fails I've also attached his reply below. He also suggests simply using http in lieu of https, but I've just tried again and that still doesn't work.
Modified
I had no problem with http://www.nsxprime.com/forum/forum.php
Many site issues can be caused by corrupt cookies or cache.
- Clear the Cache and
- Remove Cookies
Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.
Type about:preferences<enter> in the address bar.
- Cookies; Select Privacy. Under History, select
Firefox will Use Custom Settings. Press the button on the right side called Show Cookies. Use the search bar to look for the site. Note; There may be more than one entry. Remove All of them.
- Cache; Select Advanced > Network.
[v57+] Select Privacy. Across from Cached Web Content, Press Clear Now.
If there is still a problem, Start Firefox in Safe Mode {web link} by holding down the <Shift> (Mac=Options) key, and then starting Firefox.
A small dialog should appear. Click Start In Safe Mode (not Refresh). Is the problem still there?
While you are in Safe Mode;
Try disabling graphics hardware acceleration in Firefox. Since this feature was added to Firefox it has gradually improved but there are still a few glitches.
How to disable Hardware Acceleration {web link}
I followed your instructions as best I could, but it looks like some words were lost just after " Under History, select ..."
Anyway I - cleared all cookies related to NSXprime and - emptied my Cache using the "Clear Now" button - started in Safe mode and the site works fine :)
But when I revert to normal mode the problem reappears !?! :( For some reason it still forces https:// mode to appear, even if I enter http://
Modified
Many site issues can be caused by corrupt cookies or cache.
- Clear the Cache and
- Remove Cookies
Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.
Type about:preferences<enter> in the address bar.
- Cookies; Select Privacy. Under History, select
Firefox will Use Custom Settings. Press the button on the right side called Show Cookies. Use the search bar to look for the site. Note; There may be more than one entry. Remove All of them.
- Cache; Select Advanced > Network.
[v57+] Select Privacy. Across from Cached Web Content, Press Clear Now.
If there is still a problem, Start Firefox in Safe Mode {web link} by holding down the <Shift> (Mac=Options) key, and then starting Firefox.
A small dialog should appear. Click Start In Safe Mode (not Refresh). Is the problem still there?
While you are in Safe Mode;
Try disabling graphics hardware acceleration in Firefox. Since this feature was added to Firefox it has gradually improved but there are still a few glitches.
How to disable Hardware Acceleration {web link}
Sorry I don't understand why you've repeated those instructions. As mentioned I followed them as best I could (clearing specific cookies and emptying the cache) and only safe mode works.
I have moved to my second computer, and without clearing the cookies or cache I started in safe mode and it works fine.
But once again when I revert to normal mode and it doesn't work (i.e forces https:// and only text appears). That's two different computers giving exact same fault.
This whole situation seems very odd. I am using Firefox all the time accessing many other sites and this issue does not arise. It doesn;t happen with Chrome. Plus I am the only user on NSXprime that is experiencing this issue, and even others in this discussion have accessed the NSXprime site no problem. Weird.
FWIW I will try clearing cookes and cache on this computer, shortly. If that doesn't work I will re-install Firefox and see if that helps.
Modified
Well nothing I tried worked, so I did a full uninstall + computer start + reinstall + refresh of Firefox.
NO LUCK ... NSXprime still all text (grrrr...)
On re-install I was expecting to enter my Sync account details before all my bookmarks / home page etc were available, but they just appeared anyway without me entering my login details. (That 's a bit curious, there must be some firefox config data retained on the computer even following an uninstall)
I even tried removing Hardware Acceleration, for completeness.
getting a little desperate :(
Wondering what is different about Safe Mode and why it would be working when normal mode is not?
Chosen Solution
ninja2 said
Wondering what is different about Safe Mode and why it would be working when normal mode is not?
One possible culprit would be an extension; extensions are disabled in Safe Mode. You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:
- Ctrl+Shift+a (Mac: Command+Shift+a)
- "3-bar" menu button (or Tools menu) > Add-ons
- type or paste about:addons in the address bar and press Enter/Return
In the left column of the Add-ons page, click Extensions. Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything that seems related to connection security or HTTPS? If in doubt, disable (or remove).
Any difference?
You can check the SiteSecurityServiceState.txt file in the profile folder for references from this domain and removed the lines from that domain when present. That website really needs to be accessed via HTTP and not via HTTPS.
You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History -> Show All History" or "View -> Sidebar -> History").
Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks and history and Cookies and passwords and cache and exceptions, so be cautious. If you have a password or other data from that domain that you do not want to lose then make sure to backup this data or make a note.
You can't recover from this 'forget' unless you have a backup of involved files.
If you revisit a 'forgotten' website then data from that website will be saved once again.
jscher2000 said
One possible culprit would be an extension; extensions are disabled in Safe Mode.
Success! I have two Add-ons / extensions installed: DuckDuckGo Privacy Essentials and Tab Session Manager
I disabled both at first, but found I only need to disable DuckDuckGo and I can access the site just fine :)
Would this be an issue with DuckDuckGo Privacy Essential that I should report somewhere, or is it really just NSXprime that needs to do something?
I'll have a look at the SiteSecurityServiceState.txt file as well shortly, but probably academic now.
BIg thanks to everyone who contributed, and your patience.
PS: I'll mark this as Solved once I've seen this solution works on my other computer too.
PPS: For future issues, how would I uninstall Firefox such that *everything* is removed, to the extent I would have to enter login details (after re-installing) to retrieve my synced data?
Modified
That extension may "upgrade" connections to HTTPS automatically but I've never investigated it myself. You could check whether it has options to let you control that or make exceptions.
ninja2 said
PPS: For future issues, how would I uninstall Firefox such that *everything* is removed, to the extent I would have to enter login details (after re-installing) to retrieve my synced data?
If this is just for testing, you can create a new profile. This takes about 3 minutes, plus the time to test your sites.
Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.
Click the Create a New Profile button, then click Next. Assign a name like March2018, ignore the option to relocate the profile folder, and click the Finish button.
After creating the profile, scroll down to it and click the Set as default profile button below that profile, then scroll back up and click the Restart normally button. (There are some other buttons, but please ignore them.)
Firefox should exit and then start up using the new profile, which will just look brand new. Skip past any screens asking you to activate extensions so that you get a clean test.
Do your sites work any better in the new profile?
When you are done with the experiment, open the about:profiles page again, click the Set as default profile button for your normal profile, then click the Restart normally button to get back to it.
Modified