With Google® using SSL as a signal in its search engine results and groups such as the EFF calling for increased security on the Web, ensuring that websites handle HTTPS gracefully is increasingly important.
One common issue is that many Web pages are mixed content pages, containing both HTTPS and HTTP elements. Script, link and even some CSS elements may refer to other URLs, some of which might not be secured with HTTPS. This can be the case even if the main page is secured. Having a page with mixed content can lead to security holes as well as browser errors that reduce the confidence a website visitor has in a page.
If you have a mixed content page and want to bring it up to snuff, there are a few things you can do:
- If the content is being served off your own domain and the HTTPS version of the content exists, you can change the links from http:// to https:// and that should do the trick.
- If the content is on another site, you can try to access it with HTTPS. If that doesn’t work, it might be possible to contact the other site and request the content be made available over HTTPS.
Also, if you elect to go all HTTPS, you’ll likely want to redirect HTTP so visitors won’t receive errors. Check out Redirect Your Site Using the Site Redirects Manager for instructions how to do that.
Learn about the four types of SSL certificates available.
Also published on Medium.