Monthly Archives: September 2018

HTTPS & Mixed Content

With Chrome now labeling sites accessed via regular HTTP as “Not Secure”, SSL/TLS support is becoming even more common. However, simply installing an SSL certificate doesn’t necessarily result in your site showing up as “Secure” (Chrome) or with a green padlock (Firefox). Instead, you might see the following in the Firefox URL bar:

And in Chrome you might see this in the security overview (Menu -> More Tools -> Developer Tools -> Security):

Although not immediately clear from the Firefox URL bar, you can see from Chrome that the issue is with mixed content being loaded. This means that although the page was accessed via HTTPS, regular HTTP content is being loaded within it. For this example, the page in question has the following code in it:

<img src="http://demo.dathorn.com/logo.png">

Continue reading