When you protect your site with an SSL certificate, visitors may receive mixed content warnings from their browsers if you have not secured all the content being displayed on a page visited. In this scenario, content that has not been secured can be read and/or compromised, even though the page itself is encrypted.
These warnings can concern visitors, who may perceive your site to be unsafe. You can prevent this issue occurring by configuring your site to only serve secure content.
Mixed content scenarios
There are two of “mixed content” scenarios to be aware of:
- Mixed Active Content (or Mixed Scripting) – in this scenario, the site loads a script using an insecure connection. Web browsers will block this type of potentially dangerous content completely.
- Mixed Passive Content (or Mixed Display Content) – here, the site loads an image or audio file over an insecure connection. As the content is “passive” (that is, not a script or other executable), web browsers are not as strict with blocking it. However, it can trigger warnings, destroying visitor confidence.
Find mixed content
An easy to use resource for finding mixed content on your site is Why No Padlock? Enter the URL of pages which are receiving content errors and the site will automatically scan for issues.
Why No Padlock? will uncover insecure calls to images, CSS stylesheets, scripts and other resources, identify expired SSL certificates, and more.
Serve all content via HTTPS
To resolve mixed content warnings, ensure all of your content is served over HTTPS connections. Where warnings occur, search your page’s HTML for HTTP elements and delete or switch to HTTPS, if the content is available securely. To make the switch, simply change the HTTP hyperlink (http://www.somedomain.com/foo.png) to HTTPS (https://www.somedomain.com/foo.png).
If you notice any problems or if you need any help, please open a new support ticket from your HostPapa Dashboard. More details on how to open a support ticket can be found here.