Dealing with HTTPS and pesky mixed content

Oil the lock

With Google® using SSL as a signal in its search engine results and groups such as the EFF calling for increased security on the Web, ensuring that websites handle HTTPS gracefully is increasingly important.

One common issue is that many Web pages are mixed content pages, containing both HTTPS and HTTP elements. Script, link and even some CSS elements may refer to other URLs, some of which might not be secured with HTTPS. This can be the case even if the main page is secured. Having a page with mixed content can lead to security holes as well as browser errors that reduce the confidence a website visitor has in a page.

If you have a mixed content page and want to bring it up to snuff, there are a few things you can do:

  • If the content is being served off your own domain and the HTTPS version of the content exists, you can change the links from http:// to https:// and that should do the trick.
  • If the content is on another site, you can try to access it with HTTPS. If that doesn’t work, it might be possible to contact the other site and request the content be made available over HTTPS.
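Before applying either fix, you need a list of the insecure references. The following is an added example, not code from the original article: it scans a page's HTML for `http://` subresources (scripts, stylesheets, images, frames, CSS `url()` values) and labels each as served from your own domain or a third party's, matching the two cases above. The host `www.example.com`, the sample markup and the function names are constructed assumptions, and only a subset of fetching tags is covered.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# tag -> attribute that triggers a subresource fetch (a subset; <a href> only navigates)
FETCH_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

class MixedContentFinder(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.in_style = own_host.lower(), False
        self.findings = []  # (location, url, "own" or "third-party")

    def record(self, where, url):
        url = url.strip()
        if url.lower().startswith("http://"):
            owner = "own" if (urlsplit(url).hostname or "") == self.own_host else "third-party"
            self.findings.append((where, url, owner))

    def handle_starttag(self, tag, attrs):
        attrs, attr = dict(attrs), FETCH_ATTRS.get(tag)
        self.in_style = tag == "style"
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            attr = None  # e.g. rel="canonical" is metadata, not fetched content
        if attr and attrs.get(attr):
            self.record(f"<{tag} {attr}>", attrs[attr])
        for url in CSS_URL.findall(attrs.get("style") or ""):
            self.record(f"<{tag} style>", url)

    def handle_endtag(self, tag):
        self.in_style = self.in_style and tag != "style"

    def handle_data(self, data):
        for url in CSS_URL.findall(data if self.in_style else ""):
            self.record("<style>", url)

def find_mixed_content(html, own_host):
    finder = MixedContentFinder(own_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, assumed to be served from https://www.example.com/
SAMPLE = """<link rel="stylesheet" href="http://www.example.com/site.css">
<link rel="canonical" href="http://www.example.com/"><a href="http://other.example/">x</a>
<script src="http://cdn.example.net/lib.js"></script>
<style>body { background: url('http://img.example.org/bg.png'); }</style>
<div style="background:url(http://www.example.com/x.png)"></div>"""
```

Calling `find_mixed_content(SAMPLE, "www.example.com")` returns one tuple per insecure reference; the canonical link and the plain anchor are ignored because the browser does not load them as page content.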

Also, if you elect to go all HTTPS, you’ll likely want to redirect HTTP so visitors won’t receive errors. Check out Redirect Your Site Using the Site Redirects Manager for instructions on how to do that.

Learn about the four types of SSL certificates available.

  • Wildcard SSL Certificate
  • Extended Validation SSL Certificate
  • SAN SSL Certificate
  • Organization Validation SSL Certificate


Also published on Medium.

Image by: AZAdam via Compfight cc

Christopher Carfi
A veteran of both startups and the enterprise, Chris has a deep track record in developing customer community and evangelist programs for brands such as Adobe, H&R Block and Aruba Networks while holding executive positions at Ant’s Eye View and Edelman Digital, and he was co-founder and CEO at Cerado. He currently lives in the Bay Area with his family.