“This Page Contains Both Secure and Non-Secure Items”

By David Pratt / Tags: debugging, html, security / 2 Comments / Published: 24-11-09

If you are familiar with the message above, then you have probably seen it a hundred times before.

This Page Contains Both Secure and Non-Secure Items

Do you want to view only the webpage content that was delivered securely

It is caused (as I’m sure you can figure out from the title) by having non-secure items on a secure page i.e. having an asset that sits on the HTTP protocol being called from a secure HTTPS page. This often occurs on checkout confirmation pages, or sign up thank you pages where a developer has a included an absolute path to something that sits on the HTTP protocol. In my experience this is very often 3rd party tracking pixels or marketing banners that have been added as an afterthought.

There is a very straightforward solution to this problem however, all you need to do is use a protocol-independent absolute path that switches between HTTP and HTTPS depending on what protocol the asset is currently sat on. To do this you need to modify (in the case of images) the src path so that it looks something like:

<img src="//daipratt.co.uk/i/tracking.png"/>

All I have done here is drop the “http:” from the url, leaving the “//” behind. If you are looking at a page in SSL through HTTPS, then what it will do is request that asset with the HTTPS protocol, otherwise it’ll request it with HTTP. This then prevents the annoying error message as all of the page assets are sat on the same protocol.

Category: Tech

Tags: debugging, html, security

Posted: on November 24th, 2009 at 10:14 am.

Feeds: RSS 2.0

2 Responses to ““This Page Contains Both Secure and Non-Secure Items””

Remo December 29th, 2009 at 9:29 pm

Is there a reason why you start your urls with two slashes?

Stuart Leitch June 17th, 2010 at 12:37 pm

They are protocol-relative hyperlinks. See http://nedbatchelder.com/blog/200710/httphttps_transitions_and_relative_urls.html

What do I do?

Broadly speaking, I specialise in creating websites. Not the design, but the stuff that makes it work, web application development some might call it. Expect to read about JavaScript & jQuery, new web technology, innovative front-end solutions, SEO, Drupal & PHP, and the occasional post about where I feign knowledge in marketing and analytics.

If you'd like to talk to me about a project you can either email me or say hello over at my companies website.

Lifestream

Liked The Noob Guide to Online Marketing [INFOGRAPHIC] | Unbounce.

— 11h ago via StumbleUpon

Inbox zero is not going well [daipratt]

— 15-05-12 via Twitter

Liked 2 websites.

— 13-05-12 via StumbleUpon

RT @Zoocha: We've just given the Drupal section on our website a refresh -- check it out! http://t.co/1E4n81pv #drupal #longoverdue [daipratt]

— 11-05-12 via Twitter

RT @Eggfreerecipes: I've been a busy bee this bank holiday, check out all my May day bakes http://t.co/PPx6s6Cc - I will start the diet ... [daipratt]

— 08-05-12 via Twitter

RT @Willhuggins: Zoocha are looking for graduate web developers with super powers to learn new magic! http://t.co/KimOOfDE [daipratt]

— 03-05-12 via Twitter

Bear Vs. Shark are on Spotify! [daipratt]

— 03-05-12 via Twitter

Wish there was a mute button for Gary Neville #chelseabarca [daipratt]

— 24-04-12 via Twitter

RT @Zoocha: We are on the lookout for at least one new Graduate Web Developer to join us here at @Zoocha #jobs #it #graduate http://t.co ... [daipratt]

— 18-04-12 via Twitter

If you are involved in the management / running of a digital agency - this book makes interesting reading: http://t.co/NrY4WnLH [daipratt]

— 13-04-12 via Twitter

Bangkok 8am smog. http://t.co/QDidYpgu [daipratt]

— 26-03-12 via Twitter

Just booked the right flight, on the wrong day #norefunds #iamatwat [daipratt]

— 21-03-12 via Twitter

RT @CommerceGuys: Commerce Guys Receives $5 Million in Funding to Grow #Drupal #Commerce http://t.co/x2vXtKxX [daipratt]

— 06-03-12 via Twitter

Listened to Thanks for Nothing - My Passion.

— 20-02-12 via Last.fm

Very much agree with Joel Spolsky here on the upside-down management pyramid: http://t.co/zwNvQsmY [daipratt]

— 16-02-12 via Twitter

RT @sickipediabot: Grammar. The difference between knowing your shit and knowing you're shit. [daipratt]

— 15-02-12 via Twitter

RT @drupaltruth: You call it burn out. I call it a bad attitude that requires adjustment. [daipratt]

— 11-02-12 via Twitter

RT @kwestin: Asking me to sign an NDA before having coffee to discuss your startup idea is like me asking you to buy condoms before I me ... [daipratt]

— 06-02-12 via Twitter

Well put... "The modern robber obtains prior approval from the institution he is fleecing." http://t.co/U6Y9M9QZ @GeorgeMonbiot [daipratt]

— 25-01-12 via Twitter

Maddox nails #SOPA http://t.co/S8dbSywk [daipratt]

— 19-01-12 via Twitter

RT @FuckingDevTips: The hard fucking problems are the ones worth solving. [daipratt]

— 17-01-12 via Twitter

Shared Public Data Sets : Amazon Web Services.

— 15-01-12 via Delicious

Shared JavaScript pattern and antipattern collection.

— 15-01-12 via Delicious

Decent collection of JavaScript & jQuery patterns and anti-patterns #javascript #jquery http://t.co/tYYkDYrN [daipratt]

— 15-01-12 via Twitter

Good article on startup ideas... think big! http://t.co/x31r4Ian #startup [daipratt]

— 15-01-12 via Twitter

daipratt.co.uk

“This Page Contains Both Secure and Non-Secure Items”

2 Responses to ““This Page Contains Both Secure and Non-Secure Items””

Who is daipratt?

What do I do?

Recent posts

Top tags

Post archives

To-do list

Subscribe

Lifestream

daipratt.co.uk

“This Page Contains Both Secure and Non-Secure Items”

2 Responses to ““This Page Contains Both Secure and Non-Secure Items””

Related Posts

Who is daipratt?

What do I do?

Recent posts

Top tags

Post archives

To-do list

Subscribe

Lifestream