Full-Site SSL Mixed Content Overview


Overview

Although all of your Encompass hosted content will be secure once full-site SSL is implemented for your site, it is still possible for an admin to introduce insecure content to an Encompass page. This remains a security risk, and a visitor to that page will see mixed content warnings in the browser, indicating that the page is served over HTTPS but includes content that is coming from an HTTP source.

The purpose of this page is to provide an overview of mixed content warnings and examples of how each browser indicates that mixed content is present. 

Using Developer Tools to Identify Mixed Content

Identifying the source of mixed content requires using the developer tools within the desired browser. 

For Safari, go to Safari on the menu bar > Preferences > Advanced > Select "Show Develop menu in menu bar". Once the developer tools have been turned on, right-click on any area of the page and select Inspect Element. Navigate to the console tab and review the highlighted items that the browser reports as the cause of the mixed content indicator.

For Internet Explorer, Chrome, and Firefox, open the page causing the warning, right-click on the page, and select Inspect Element. Navigate to the console tab and review the highlighted items that the browser reports as the cause of the mixed content indicator.

Causes of Mixed Content Warnings 

Mixed content warnings are caused by assets such as images or JavaScript being loaded over HTTP rather than HTTPS. Once the cause of a mixed content notification has been identified, determine whether an HTTPS alternative is available for the asset. For example, move an image to a secure server and then update the Encompass content to reflect the change in location.
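The same check can be run on a block of content before it is saved. The following is an added example, not part of the original article and not Encompass code: a Node.js function (findMixedContent, a hypothetical name) that lists the http:// assets in an HTML fragment together with an https URL to try. The sample HTML and its hostnames are constructed.

```javascript
// Added example: list http:// subresources in an HTML fragment.
// Regex-based so it runs anywhere; a ">" inside an attribute value would confuse it.
// Tag -> attributes that make the browser fetch a subresource. <a href> is absent
// on purpose: following a link is navigation, not mixed content.
const FETCHING_ATTRS = new Map(Object.entries({
  img: ["src", "srcset"], source: ["src", "srcset"], script: ["src"],
  iframe: ["src"], embed: ["src"], audio: ["src"], video: ["src", "poster"],
  object: ["data"], link: ["href"],
}));

function parseAttrs(raw) {
  const attrs = Object.create(null);
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const m of raw.matchAll(re)) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4]).trim();
  }
  return attrs;
}

function findMixedContent(html) {
  const findings = [];
  for (const t of html.matchAll(/<([a-zA-Z][\w-]*)\b([^>]*)>/g)) {
    const tag = t[1].toLowerCase();
    const attrs = parseAttrs(t[2]);
    // Only <link> elements that load a stylesheet or icon count; rel="canonical" fetches nothing.
    if (tag === "link" && !/\b(stylesheet|icon)\b/i.test(attrs.rel ?? "")) continue;
    for (const attr of FETCHING_ATTRS.get(tag) ?? []) {
      if (!(attr in attrs)) continue;
      // srcset holds comma-separated "url descriptor" pairs; check each URL.
      const urls = attr === "srcset"
        ? attrs[attr].split(",").map((c) => c.trim().split(/\s+/)[0])
        : [attrs[attr]];
      for (const url of urls) {
        if (!/^http:\/\//i.test(url)) continue;
        // httpsCandidate still has to be tested: the host may not serve HTTPS.
        findings.push({ tag, attr, url, httpsCandidate: url.replace(/^http:/i, "https:") });
      }
    }
  }
  return findings;
}

// Constructed sample content, not taken from a real page.
const SAMPLE = `<p><a href="http://example.com/about">About</a>
<img src="http://images.example.com/banner.png" alt="banner">
<script src='https://cdn.example.com/app.js'></script>
<script src="HTTP://widgets.example.com/w.js"></script>
<link rel="canonical" href="http://example.com/page">
<link rel="stylesheet" href="http://static.example.com/site.css"></p>`;
```

Calling findMixedContent(SAMPLE) returns three findings (the image, the second script and the stylesheet); the plain link, the https script and the canonical link are not reported.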

Browser Examples

Internet Explorer

When the page at <secure-page-url> is loaded over HTTPS but requests insecure content, Internet Explorer alerts the user with a mixed content warning in the developer tools console.

IE_Mixed_Content.png

Google Chrome

When the page at <secure-page-url> is loaded over HTTPS but requests insecure content, Google Chrome alerts the user with a mixed content warning in the developer tools console. This is indicated by https in the URL alongside the circled "i" indicator.

Chrome_Mixed_Content.png

Safari

When the page at <secure-page-url> is loaded over HTTPS but requests insecure content, Safari alerts the user with a mixed content warning in the developer tools console.

Safari_Mixed_Content.png

Firefox

When the page at <secure-page-url> is loaded over HTTPS but requests insecure content, Firefox alerts the user with a mixed content warning in the developer tools console. This is indicated by the lock overlapped by the yellow triangle.

 

Firefox_Mixed_Content.png
