Browser Mixed Content Warnings

When viewing a website, you may sometimes come across a warning about mixed content. This “mixed content” is the loading of some resources encrypted over SSL and some not over SLL (unencrypted / cleartext). This only happens when the URL of the page you are browsing to is secure, e.g. https://www.abdullahyahya.com but some of the resources like css and Javascript files it references are not secure, e.g.  https://www.abdullahyahya.com/style.css or http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js. The mixed content warning doesn’t appear when the URL of the page you are viewing is not over SSL, e.g. https://www.abdullahyahya.com, even if the resources it includes are secure.

To prevent mixed-content warnings, you can do the following:

  • Use protocol-less URLs when referencing resources, e.g. //ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js. This way, the protocol (http or https) used will match that of the parent page’s URL. In this case, you need to make sure your included URLs are accessible over both http and https.
  • Always use secure https URLs when reference resources