: How to prevent browser to block mixed content (http content in a https site) I'm installing SSL in many websites, almost all of those don't give me any problem at all, but some of them do.

@Annie201

There is another solution - as mentioned here on the Google developers site
Short: you could either use upgrade-insecure-requests - which will result in the non-https widgets not being displayed (quote:if the resource is not available over HTTPS, the upgraded request fails and the resource is not loaded. This maintains the security of your page)- it's not supported by all browsers however.
Alternative is to use block-all-mixed-content - which will block all insecure content (even if it's inside an iframe) - not very sure about browser support.

Haven't used either one - but could be worth checking.

Vote Up Vote Down

@Turnbaugh106

Sorry to be the bearer of bad news but the issue is with your site and there's no way to prevent a obviously intended notification. The notification informs users that the site is not fully secure, which its not if you are using 3rd party scripts over HTTP. If you want to solve the problem then you must use on all local and external resources.

So if you want users knowing that your site is fully secure and you want Google to reward a bit of SEO value to the site because of it, then you must either have them upgrade to SSL or ditch the widget all together... there is no workaround for this issue... Also rather than using you should opt to use //example.com/image.jpgif the site is accessible via both protocals.

Your three options are:


Remove the widget.
Accept the notification
Ask them to upgrade the API service to HTTPS.

Vote Up Vote Down