Non SSL content on SSL Pages will be blocked

It’s been a pet annoyance at BetterWebSpace in recent years to see secure websites (those protected by an SSL certificate) have insecure elements on them. Stylesheets, images and external references are the most common culprits simply because they haven’t been referenced securely.

Firefox 23 will block these elements by default (and it may only be a matter of time before other browsers follow suit!), so it’s time to start cleaning up those references…

Load WhyNoPadlock.com and submit the secure version of your site, this will give you a good idea of what might be wrong to starting working from.

Fix up references to external sites

Search for references to http:// in your secure files, you have two choices with this (and we’ve covered the two ways to handle them below):

Change links to https://

Simply changing the http:// to https:// will work in a lot of cases, this will force the external resource to be loaded securely.

However, this won’t work if you are loading an images from another site that does not have SSL set up. You will also end up loading resources securely even this is a non-secure version of your page (this adds extra work for the server and the client browser).

A better alternative (in our opinion): change links to //

Again find all references to http:// but just remove the “http:” leaving //, using this method the browser will only load the secure version if it needs to.

Fix up local files

If the resources are on the same domain, rather than including them via their full URL you could access them relatively, for example:

<img src="http://www.mydomain.com/image.jpg" alt="" />

Could simply be changed to:

<img src="/image.jpg" alt="" />

This is a good start, but if you need more help please contact us!

Leave a Reply

Your email address will not be published. Required fields are marked *