Share via

Edge security warning

Umrah Taxi VIP 20 Reputation points
2026-03-10T08:39:39.6633333+00:00

Microsoft Edge showing a "connection not secure" warning on my website. My website is Link removed by Moderator, and SSL is installed. However Edge sometimes blocks the page and says the connection might not be private. Chrome loads the website normally. What could be causing this?

Microsoft Edge | Other | Windows 11

Locked Question. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments
Answer accepted by question author
  1. Q&A Assist
    2026-03-10T08:39:54.5833333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    In Microsoft Edge, a site can still trigger “connection not secure” or “this connection might not be private” warnings even when an SSL certificate is installed, if any of the following conditions are met:

    1. Certificate or TLS issues specific to Edge
      • Edge evaluates the certificate and TLS configuration and may flag:
        • Invalid, expired, or misconfigured certificates.
        • Self-signed or untrusted certificate chains.
        • Outdated or weak TLS configurations.
      • Other browsers (like Chrome) can sometimes be more tolerant of borderline configurations, so they appear to “work” while Edge warns.
      • In Edge, the address bar icon and message will show one of these states:
        • Connection secure (valid certificate) – no warning.
        • Not fully secure (no valid certificate) – data is not protected.
        • Outdated security configuration (not valid, expired, self-signed) – Edge recommends avoiding the site.
        • Suspicious or dangerous website (phishing or malware) – flagged by Microsoft Defender SmartScreen.
    2. SmartScreen reputation or content-based blocking
      • Microsoft Defender SmartScreen can block or warn on a site if it considers it potentially unsafe based on:
        • URL/domain reputation (new domain, low traffic, or bad history).
        • Page content (deceptive forms, scripts, or phishing-like layout).
        • File behavior (downloads without proper signatures).
        • TLS security (certificate validity, protocol version).
        • User feedback and dynamic behavior (redirects, obfuscation, etc.).
      • If any of these checks fail, Edge may show a red warning page suggesting the connection is not private or that the site is unsafe, even though HTTPS is technically enabled.
    3. Mixed content or non-secure subresources
      • If the main page is loaded over HTTPS but it pulls scripts, images, or iframes over HTTP, Edge treats the page as only partially secure (mixed content).
      • Edge may automatically upgrade some HTTP resources to HTTPS, but if that fails, it can block them and still mark the page as not fully secure.
    4. HTTPS-First Mode and insecure fallbacks
      • Edge’s HTTPS-First Mode automatically upgrades HTTP to HTTPS and warns when a secure connection cannot be established.
      • If any redirect or resource on the site falls back to HTTP or uses an insecure endpoint, Edge can show warnings about an insecure or not private connection, while other browsers may be less strict or show a less prominent warning.
    5. Intermittent or environment-specific issues
      • Warnings that appear “sometimes” can be due to:
        • Intermittent certificate chain resolution issues (e.g., OCSP/CRL checks failing).
        • Network middleboxes or proxies interfering with TLS only for some users or sessions.
        • SmartScreen reputation still building for a relatively new site, causing inconsistent reputation decisions.

    To reduce or eliminate these warnings:

    1. Ensure the certificate and TLS configuration are fully valid
      • Confirm the certificate is not expired, is issued by a trusted CA, and includes the correct hostnames.
      • Ensure the full certificate chain (intermediate certificates) is correctly installed.
      • Use modern TLS versions and ciphers as recommended by current best practices.
    2. Eliminate mixed content and insecure resources
      • Serve all resources (scripts, images, CSS, iframes, APIs) over HTTPS.
      • Configure the server to redirect all HTTP requests to HTTPS.
    3. Improve SmartScreen and security posture
      • If Edge shows a SmartScreen unsafe warning but the site is safe, use the “Report that this site doesn’t contain (malware/phishing) threats” link on the Edge warning page so Microsoft can review and adjust the reputation.
      • Follow secure development practices:
        • Use HTTPS with a valid certificate.
        • Block iframes from unknown third-party content.
        • Use Content Security Policy and secure headers.
        • Regularly scan for malware or webshells.
        • Maintain stable hosting and DNS to build domain reputation.
    4. Check the connection icon and messages in Edge
      • When the warning appears, note exactly which of the four states Edge shows in the address bar and whether the page is flagged as “suspicious or dangerous website” (SmartScreen) or “not fully secure/outdated security configuration” (certificate/TLS). This will pinpoint whether the issue is certificate/TLS, mixed content, or SmartScreen reputation.

    If the site is confirmed safe and correctly configured, reporting it via the SmartScreen feedback link on the warning page is the supported way to have Microsoft review and adjust the classification.

    References:

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest