Troubleshooting: Unsecured or Mixed Content – “Your connection to this site is not fully secure”

Mixed Content warnings happen with all certificates now regardless of certificate type.  The most drastic loss in functionality though is EV certificates. Even though an Extended Validation (EV) SSL certificate may have been installed in https (The channel of the website that performs encryption) on a website some browsers may require that the entire site, all resources, images, and links be secured within in https as well. Failure to do this may turn off the EV green URL bar. Which is a desired feature when purchasing a EV SSL certificate. 

If No Padlock, no Green barthe certificate is not an EV SSL certificate, just a Domain Validated (DV) or Organization Validated (OV) SSL certificate  then typically there may be a padlock missing near the URL bar even though the site is still in https.

Insecure ContentThere are many reasons why a browser would refuse to turn on the green bar feature. or not display the padlock in the URL bar, which typically is the universally accepted symbol of a secure https session.

This article though will help you understand the primary reason Unsecured or Mixed content.


Depending on the browser the depiction of this issue will be stated differently. Typically near the https: there may be a broken padlock icon,  exclamation point, or a shield.

Clicking on these icons will usually display more information about what is going on with the website.

For Example…

FireFox will state:“Connection Partially Encrypted” or “Unsecured Content”

Older versions of chrome will state: “However, this page included other resources which are not secure.”

Troubleshooting: Unsecured or Mixed Content - "Your connection to this site is not fully secure"This means that somewhere on the website there is a link or an image that will point a visitor of the website outside of a secure session.

Here is an example scenario of the cause:

You go to a made up website that pulls you into a secure session such as https://www.nogreenbar.com everything within that session needs to be secure as well. Any links or images when clicked on that will take someone out of that secure session will be denoted in the browser as “Connection Partially Encrypted” or “Unsecured Content.”

If for example there is a link in https://www.nogreenbar.com for the websites blog that will send visitors to http://blog.nogreenbar.com. This blog link when when clicked on sends visitors out of the secure https  session Thus why we may see the “Connection Partially Encrypted” or “Unsecured Content.” warning messages or no padlock.


Resolutions:

Some people will over look this issue as it does not impede encryption from taking places ever with these unsecured sources. All unsecured http resources need to be moved over to a HTTPS connection.

  1. Troubleshooting Mix ContentThere is a web tool that is designed to point out the unsecured links at Https://www.whynopadlock.com/
    These problem links your web-developer will have to make sure wont take visitors out side of a secure session. Update the HTML to request those resources from https instead of http.
  2. Google Chrome has a feature in its developer tools that will show you the problem links.
    While on the website in Chrome Open the Security Developer Tools and bring focus to the console by pressing Ctrl+Shift+J, or press F12 on your keyboard to bring up the Security developer tab to get a summary of all things security related to the webpage.
    The problematic links will be displayed as “Mixed Content” along with any other issues Chrome finds. Chrome will also tell you how to resolve the issues as well.
  3. The example below states that the problem is with an insecure image.Chrome Mixed Content
    Changing the image from http to https fixes the issue.
  4. Another option is to Ignore it.
    Some sites are designed in such a way that images, advertisements , etc.. will cause the Mix Content issue. Depending on the website such as a blog for example the posts, or images that are put up by users will cause this issue. Highly unlikely you will encounter a https blog because of this issue but..

If you are not able to make these edits on your own then you will have to contact your web developer, or web host in order to make the adjustments necessary to get rid of these warnings when in a https session.

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »