Are your SSL web pages plagued by the browser warning “This page contains both secure and nonsecure items. Do you want to display the nonsecure items?”
This is a common error that occurs when some element on a secure web page (one that is loaded with https:// in the address bar) is not being loaded from a secure source. This usually occurs with images, frames, iframes, Flash, and JavaScripts. There are a few ways to fix it:
1. Change all URLs to https
Just open up the offending web page and search for http://. Change the references on all images, iframes, Flash, and Javascripts to https://. For example.
<img src="https://www.domain.com/image.gif" alt="" />
This may not work if you are loading an image from another site that does not have SSL set up. Also, with this method you’ll be loading SSL images even when the client is loading from a non-secure page. This will add extra processing load on the server and client. This is definitely not recommended for a high volume site.
2. Change all links to // or make them relative
Rather than changing all the links to https://, change them to just //
<img src="//www.domain.com/image.gif" alt="" />
Alternatively, if the images or scripts are located on the same domain, you can access them relatively, rather than absolutely:
<img src="image.gif" alt="" />
Using this method, the browser will know that it must load the image securely if the web page is being loaded securely but it will also load the image normally if the page is not being accessed securely. The image will still need to be available on the other server securely. This is likely the best method of getting rid of the pesky “Do you want to display the nonsecure items?” warnings.
3. Change the browser settings
It is best to change the code of the page that is giving the error, but if you don’t have access to change the code, you can always tell your personal web browser not to display that message. To do so follow these steps for Internet Explorer:
1. Go to Tools, Internet Options.
2. Select the “Security” Tab and then click on the “Custom Level” button.
3. Scroll down until you see the option: “Display mixed content”. Select “Enable”.
4. Click Ok. Then you will get a “Security Warning” pop-up. Click Yes.
One common reason that this warning shows up is using normal Google Analytics code on a secure page. It is a simple fix to enable Google Analytics on a page using SSL.
If you use the unsecure Google Analytics code on one of your secure web pages your web browser will warn that there is some page content that is not secure. This problem can be easily solved by slightly changing the code used to load Google Analytics.
Instead of:
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
Use:
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
If you still get the "page contains secure and nonsecure items" after changing that code you should check for other page elements that are using http instead of https.
Google’s information about using SSL with Google Analytics is also available.
Update: Google has now updated the Google Analytics code to use ga.js instead of the urchin.js file. In the process, they have implemented code that will automatically detect whether http or https needs to be used. The new code will also enable new features so it is recommended that you upgrade. This will solve the SSL problem so you won’t need to worry about the solution above. The upgrade instructions can be found here.
No responses so far, want to say something?