You've taken all the steps necessary to make sure your site is secure, and you want your customers to be confident that their personal information is kept confidential. Even though your site is protected by your SSL certificate, customers may still receive messages that the page they're viewing contains unsecured content if there are images or other elements that haven't been encrypted.
When you have an SSL certificate installed on your store, it attempts to encrypt all of the elements on your store's secure pages (e.g. the checkout page). If all elements on the page cannot be encrypted, customers will see an "unsecured content" message and, in some browsers, customers may see a broken padlock icon.
Though these messages do not indicate a failure of the SSL certificate, they can still be scary to customers and drive your store's conversions down. Below are the three most common issues in your store that can cause an "unsecured content" message and tips on how to correct the issues.
When your store's SSL certificate fails to encrypt all of the elements on a page (for example: forms, textboxes, images, etc.), customers receive an "unsecured content" pop-up message.
To resolve the error, all you need to do is find the elements on the page that cannot be encrypted and make some minor modifications.
Images Hosted on Your Store
Any time an HTML image link is created within a page using the entire, "absolute" URL for the image file's location, the resulting image link will not be encrypted by any SSL on the site.
For example, the following image link cannot be encrypted by an SSL certificate:
To correct this issue, simply remove your store's domain from the image tag, creating a relative link:
Images Hosted Externally
Note that the previous example only applies if the image file is being hosted within your store. If an image link refers to a file hosted on a web server outside your store (e.g. a Flickr account), you’ll need to modify the image link to use the secure "https" protocol.
In this case, the image link should look like this:
Note that the third-party web hosting server in question must support the “https” protocol in order to successfully secure the image using your store's SSL certificate in this manner.
As with image links, any unsecured reference to an external file such as a stand-alone Java Script file (.js) will also produce the "unsecured content" pop-up. You can resolve the issue by removing your store's protocol and domain name from the HTML that references the Java Script file.
You may encounter this issue if you’re attempting to integrate Google Analytics with your storefront. Due to the possible error, we recommend that you use the alternative Google Analytics code provided in How to Set Up Google Analytics.
Third-Party Tools for Finding Unsecured Content
There are some third-party tools such as WhyNoPadLock.com which can help you find non-secure content on your store's secure pages. You can visit sites like these and enter your store's secure URL (https://www.yourvolusionstore.com) to get a report on unsecured content.
Note that Volusion does not endorse any specific third-party software or tool. We encourage you to do your own research on the effectiveness and reputation of any third-party service or tool you choose to use.
Following the above steps will not guarantee a fully secure site, as these are simply a recommended set of preliminary troubleshooting steps to resolve unsecured content issues.