We know that SSL certificates are an important part of managing a website, but that’s only one half of the coin. What happens when your code isn’t addressing the SSL at all? This is called mixed content, and it’s a pesky issue for website owners.
What is Mixed Content?
Mixed content is a little technical, but it has real effects on your site if it isn’t addressed.
Mixed content happens when your HTML is loaded over an HTTPS connection. The issue is, you’re loading both HTTP (unsecured) and HTTPS (secure) content on the same page. You’re loading an HTTPS webpage, but non-HTTPS resources like images, videos, scripts, and more are mixing in.
You not only have to have SSL but you have to make sure your code is compliant. For Example:
A typical website page with images could load one image from a secure source (HTTPS), and another image from an insecure source (HTTP). So after installing the SSL certification on your site, this means the code on your website page will have to be scanned to make sure it’s compliant and not loading any of its content from any insecure sources.
For example, this website https://very.badssl.com/ has the SSL certificate but both the image of the dog and the form under it are not using https. This makes Chrome warn you that the site is not fully secure.
Mixed Content degrades the security and user experience of your HTTPS site
Google can lower your website ranking making your website appear at a lower position in a search result. This can also prevent users from visiting your website and using your services. You can read more in The New York Times’ What Chrome Means by ‘Not Secure’ article.
To verify if your code needs to be edited, VND can scan your website, free of charge. Contact us for a scanning session