If you are familiar with the message above, then you have probably seen it a hundred times before.
It is caused (as I’m sure you can figure out from the title) by having non-secure items on a secure page i.e. having an asset that sits on the HTTP protocol being called from a secure HTTPS page. This often occurs on checkout confirmation pages, or sign up thank you pages where a developer has a included an absolute path to something that sits on the HTTP protocol. In my experience this is very often 3rd party tracking pixels or marketing banners that have been added as an afterthought.
There is a very straightforward solution to this problem however, all you need to do is use a protocol-independent absolute path that switches between HTTP and HTTPS depending on what protocol the asset is currently sat on. To do this you need to modify (in the case of images) the src path so that it looks something like:
All I have done here is drop the “http:” from the url, leaving the “//” behind. If you are looking at a page in SSL through HTTPS, then what it will do is request that asset with the HTTPS protocol, otherwise it’ll request it with HTTP. This then prevents the annoying error message as all of the page assets are sat on the same protocol.