Content from loopback addresses (e.g. should not be considered mixed content

Duplicate Issue #16110645 • See Issue #11963735


Sai d.
Feb 26, 2018
This issue is public.
Found in
  • Microsoft Edge
  • Internet Explorer
See progress on Bug #11963735
Reported by 3 people

Sign in to watch or report this issue.

Steps to reproduce

According to the w3c spec, content from loopback addresses should no longer
be treated as mixed content even in secure origins. See:

In other words, e.g. fetch(‘’) on a HTTPS site should be allowed without triggering the mixed content blocker.

Note Chrome and FireFox only whitelist ‘’ and '::1’. See:


0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “James M.”

    • Hi James, are there any updates to this issue?

    • Any update?

    • Microsoft Edge Team

      Changed Status to “Duplicate”

    • Hello,

      Thank you for providing this information about the issue. We previously confirmed the problem and published a solution in Edge 16245. We are resolving this issue as a duplicate of an existing internal bug report. We look forward to additional feedback you may have on how we can improve Microsoft Edge.

      Best Wishes,
      The MS Edge Team

    • This bug has marked as duplicate. Please follow the parent issue to get new updates.

    You need to sign in to your Microsoft account to add a comment.

    Sign in