Viewing all items for tag HTTPS

Website Security: Fixing SSL Mixed Content Errors

What are mixed content errors?

Mixed content errors are reported by web browsers when an SSL (Secure Socket Layer) certificate is installed and active for the website and domain, but content is still being loaded over the HTTP protocol.

When an SSL certificate is installed and configured for a website the protocol of the website is set to HTTPS. This indicates to the server that the data should be sent securely using the SSL to encrypt the data before it is sent to the server, and then to have it decrypted once it reaches the server. Sometimes, however, a website is setup to use the HTTPS protocol, but some assets on the website (such as images, or external assets such as libraries) may still be loaded over HTTP. If this is the case, the browser will display what’s known as a mixed content error.

Here’s an example of how Google Chrome reports a mixed content error:

Example: Mixed Content SSL Error

To generate this error, I simply setup the website’s logo to load over HTTP instead of HTTPS.
Continue reading…