HTTPS Why no Padlock? Mixed Content Warnings

Ever visit a website and receive a popup "ONLY SECURE CONTENT IS DISPLAYED" or a broken padlock next to the URL of the site? This occurs when visiting a site using SSL (usually indicated by the HTTPS at the beginning of the URL) and not all of the content on the site/page is being delivered through SSL. Unfortunately this is commonplace and usually a result of negligence on the site owner's end. However, it has also been noted that when a user's browser/system is "infected", the malicious software will inject advertisements into the websites being viewed, also resulting in a MIXED CONTENT WARNING. In any case, this breaks the SSL connection between you and the website, defeating the purpose of using SSL to begin with.

Should you ever receive these warnings while visiting a financial website or your email provider's "webmail", DO NOT PROCEED! Most if not all banking sites will never deliver content via HTTP but strictly HTTPS. It is advised to check your system for malware. A non-HTTPS connection means that everything between you and the website is being sent in the clear, including passwords/usernames, personal information, etc.

A recent article posted at Qualys Security Labs suggests that this "problem" is the easiest way to break SSL.

Are you a site owner trying to fix this? The first step is to determine exactly which content is being delivered via HTTP rather than HTTPS. A very useful site for showing non-HTTPS links being loaded can be found here. Simply enter your site's URL and all the links on that page will be displayed. This will narrow down exactly which link(s) are causing the problem. If you require assistance, please contact us.
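The same first step can be done locally. The script below is an added example, not part of the original article or the tool it mentions: it parses a page's HTML and lists every subresource that would be fetched over plain HTTP from an HTTPS page. The page URL, the sample markup, and the names `MixedContentFinder` and `find_mixed_content` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Tag -> attribute that makes the browser fetch a subresource. Plain <a href>
# links are navigation, not mixed content, so they are not listed.
FETCH_ATTRS = {"script": "src", "iframe": "src", "embed": "src",
               "object": "data", "link": "href", "img": "src",
               "audio": "src", "video": "src", "source": "src"}
# Active content can change the whole page; the rest only affects its own box.
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, kind, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not value:
            return
        # Of the <link> relations, only stylesheets are checked here.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        # Resolve relative and protocol-relative (//host/x) URLs first.
        url = urljoin(self.page_url, value.strip())
        if url.lower().startswith("http://"):
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((self.getpos()[0], tag, kind, url))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="//cdn.example/track.js"></script>
</head><body>
<img src="http://ads.example/banner.png">
<a href="http://other.example/">plain link</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content("https://shop.example/checkout", SAMPLE_HTML):
        print(f"line {line}: <{tag}> {kind} mixed content -> {url}")
```

This only sees markup present in the HTML it is given; resources added by scripts at runtime, or injected by software on the visitor's machine, show up in the browser's developer console instead.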

We believe ALL internet websites should implement SSL. The E.F.F. (Electronic Frontier Foundation) started an HTTPS campaign back in 2011. By implementing SSL (regardless of whether you're collecting personal information on your site or not), you are helping to protect users' privacy and freedom. Begin by purchasing an SSL certificate. We can assist in converting your current site over to FULL TIME SSL.
