• Home page
• Blog
• Solving 'This page contains both secure and nonsecure items' errors

Solving 'This page contains both secure and nonsecure items' errors

Have you ever set up an https part of a website and seen the errror: 

This page contains both secure and nonsecure items, do you want to display the non-secure? 

Explorer shows an alert error which can seriously deter your customers, Chrome and Firefox are a bit more subtle turning the https padlock red in the navigation bar, but again this is pretty off putting to your customers.

The first thing to do is look at your source. All remote files should be linked relatively meaning they will be retrieved using the same protocal as the page (https) this applies to images, external javascript files, external stylesheets, iframe/frame content, flash etc. The only place you see http in your source is in links and forms e.g. paths off of your page. As part of this step mke sure any tracking you are using (Analytics etc) is also using a secure connection. If you suspect that a piece of code is causing the error, temporarily remove the suspect code and refresh the page, if the error has gone away you have found your culprit and need to see the documentation from the tracking provide as there will be a solution.

One thing to point out here is that the different browsers report these problems differently making it harder to resolve the problem is some browsers than others. Chrome especially seems to hang onto the error, caching it up (even after you clear the complete history) making it hard to resolve if the error is fixed or not. Explorer for once seems more reliable here, if the connection is secure - no alert, if its nonsecure - the alert shows.. therefore, for once, explorer is first choice.. However Chrome can be useful in reporting where the insecure content is. open the developer tools (spanner > tools > developer tools) reload the page, and the insecure content is listed.. usually.

Another way to trace the issue is to remove or comment out blocks of code. comment out the whole page the error should go.. gradully reintroduce blocks until the error comes back.

One thing you to be aware of here is redirects. If you have any server side redirects it could take you from a file on https to http without you realising. An example might be an image in your style sheet that doesn't exist and your server redirects the request to a non-secure error page. One way to find these is to see which resources are being requested then call them directly in your browser, if the url is redirected you have found your culprit. Chrome is very good here as viewing source allows you to click the external links..

The reason this issue is in my thoughts at the moment is I have just spent a couple of hours trying to resolve an issue that turned out to be an embdeded swf, the object tag had 'codebase=...' in it removing this stoped the 'nonsecure items' error. 

 

 

 

 

Please rate this article

Click the stars below to give this article a mark out of 10

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 5 / 10

Related Articles

php prepared (parameterized) statements into arrays
7 Sep 2011 | Posted by: Paul Whittington
A couple of functions to get data from a database into an associative array using prepared or parametized queries, that therefore overcome the danger of sql injection.

Post your comments...

We would really appreciate any comments or additions that you have. Include a link in your comment and if we think your comment is appropriate we will publish it. If found this article in any way useful we would really appreciate you bookmarking the page with any of the social bookmarking links provided.

Sitemap  |  Terms and Conditions Copyright © 2010 - 2012 Populate Ltd. All Rights Reserved.
Website Design & Development by Populate.it | Company No. 7364755