Buy from the highest-rated provider   Buy SSL.com Certificate x

Stop the "page contains secure and nonsecure items" warning

Are your SSL web pages plagued by the browser warning "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?"

Do you want to display nonsecure items?

This is a common error that occurs when some element on a secure web page (one that is loaded with https:// in the address bar) is not being loaded from a secure source. This usually occurs with images, frames, iframes, Flash, and JavaScripts. If you are having trouble finding what elements are loading from http instead of https, try WhyNoPadLock.com. Once you found the elements, there are a few ways to fix them:

1. Change all URLs to https

Just open up the offending web page and search for http://. Change the references on all images, iframes, Flash, and Javascripts to https://. For example.

<img src="https://www.domain.com/image.gif" alt="" />

This may not work if you are loading an image from another site that does not have SSL set up. Also, with this method you'll be loading SSL images even when the client is loading from a non-secure page. This will add extra processing load on the server and client. This is definitely not recommended for a high volume site.

2. Change all links to // or make them relative

Rather than changing all the links to https://, change them to just //

<img src="//www.domain.com/image.gif" alt="" />

Alternatively, if the images or scripts are located on the same domain, you can access them relatively, rather than absolutely:

<img src="image.gif" alt="" />

Using this method, the browser will know that it must load the image securely if the web page is being loaded securely but it will also load the image normally if the page is not being accessed securely. The image will still need to be available on the other server securely. This is likely the best method of getting rid of the pesky "Do you want to display the nonsecure items?" warnings.

3. Change the browser settings

It is best to change the code of the page that is giving the error, but if you don't have access to change the code, you can always tell your personal web browser not to display that message. To do so follow these steps for Internet Explorer:

  1. Go to Tools, Internet Options.
  2. Select the "Security" Tab and then click on the "Custom Level" button.
  3. Scroll down until you see the option: "Display mixed content". Select "Enable".
  4. Click Ok. Then you will get a "Security Warning" pop-up. Click Yes.

One common reason that this warning shows up is using normal Google Analytics code on a secure page. It is a simple fix to enable Google Analytics on a page using SSL.

Originally posted on Sun Sep 9, 2007

Comments


Robert(2014-12-13)

i can not get on my dashboard aim, it says invalid password and when i go to dashboard aim this page contains secure and nonsecure comes up.
How can i use dashboard aim again?

Jemson Sentillas(2014-12-13)

Thanks for posting this..

Great job!

erhan(2014-12-13)

thanks mate only enabled the display mixed content and all done,,,,

Thanks again

Andrew Dove(2014-12-13)

and kept me sane... many thanks! Was about to remove IE and use firefox instead.

What amazes me is the arrogance of Microsoft in imposing this clunky nonsense, no wonder other people ditch it for other browsers

Kenny Ken(2014-12-13)

Top stuff!

Robert(2014-12-13)

You should be able to get rid of the error in Internet Explorer by following these steps:

1. Go to Tools, Internet Options.
2. Select the "Security" Tab and then click on the "Custom Level" button.
3. Scroll down until you see the option: "Display mixed content". Select "Enable".
4. Click Ok. Then you will get a "Security Warning" pop-up. Click Yes.

If that doesn't do it, you will need to contact the webmaster of your email.

Dianne(2014-12-13)

The message keeps coming back. It doesn't matter if I check yes or no, it just keeps returning. I have tried it many times.
I also have tried the steps that were given, it provented the message from appearing, but the webpage keeps jumping and blinking as if the message were still working. This is the sign-on page of my email website with all of the jumping and blinking I am unable to sign-on. Is there a way to fix this or totally disconnect this message?

Connie(2014-12-13)

Checking "Enable" doesn't stop it. None of them -- Disable, Enable, Prompt -- stops it from popping up. So.... hello Firefox.

Jay(2014-12-13)

Thanks for the info. but I've follow the steps mention and it did not work.... i'm still having the same problems... any other suggestion?

CRR(2014-12-13)

I suffered for many days with this warning. But the direction to enble mixed contents on internet option worked wonderful. Thnks.

prajapati ajay(2014-12-13)

thans give to solution

candy(2014-12-13)

Thank You, Thank You, Thank You. You just saved me weeks worth of work on my site!

Robert(2014-12-13)

You'll need to contact the website that is running dashboard aim and they should be able to fix the problem using the techniques listed above. Or you can just accept the insecure items by clicking "Yes". Or you can follow step 3 on this page to get rid of the message altogether.

Robin(2014-12-13)

Very Helpful!

Sasor Ogar(2014-12-13)

This is very informative, but incomplete. After some boring hours spent on this subject, I found out that though you have all the references relative or starting with "https://", IE still treats the page as non-secure thanks to existing IFRAMEs. For some reason I had to use iframes, but they also cause 'non-secure items' message.
Your welcome :]

Abdullah Al Mohsin(2014-12-13)

When i open my gmail account than i got a message that is "Do you want to display nonsecure items" it was really boring for me also kill time. i got solution from your website how to change setting.

Best Regards,
Abdullah Al Mohsin

Eileen(2014-12-13)

Perfect! Thanks for posting this.

Robert(2014-12-13)

Thanks, Sasor. I updated the page to mention iframes since they can also cause this error.

Gustavo Sanchez(2014-12-13)

Many Thanks...this is a invaluable resource in the web...

madjeweler(2014-12-13)

Thanks Robert! Your directions worked GREAT:
You should be able to get rid of the error in Internet Explorer by following these steps:

1. Go to Tools, Internet Options.
2. Select the "Security" Tab and then click on the "Custom Level" button.
3. Scroll down until you see the option: "Display mixed content". Select "Enable".
4. Click Ok. Then you will get a "Security Warning" pop-up. Click Yes.

Rajesh Mokashi(2014-12-13)

When i was gone to my clint office i check his Gmail account i got a massage that is "Do you want to display nonsecure items" My clint was really boring. he told me how to disable this popup. I got solution from your website.

Thanks & Best Regards,
Rajesh Mokashi

Kannan(2014-12-13)

Thanks... it is very helpful

ASLAM BASHA(2014-12-13)

i have done how you have told

it is very helpful to me

thanks a lot

aslam basha

yuva(2014-12-13)

1.Go to Tools, Internet Options.
2.Select the "Security" Tab and then click on the "Custom Level" button.
3.Scroll down until you see the option: "Display mixed content". Select "Enable".
4.Click Ok. Then you will get a "Security Warning" pop-up. Click Yes.

nushgirl(2014-12-13)

never tought i was going to get this pop us from my laptop, thanks for your help.

Sylvia R(2014-12-13)

Just what I needed!

PJClark(2014-12-13)

Nobody, especially Microsoft (!), knew how to fix this problem! But I found a quick and easy answer here! Thanks!!!

Saurabh(2014-12-13)

Thank you so much for this. I was going insane with those stupid prompts.

John(2014-12-13)

Thanks Mate. You totally kept my sanity. I was ready to start hitting my monitor lol

Jennifer(2014-12-13)

thanks for the quick and easy fix! That was getting annoying!

John(2014-12-13)

I have same issues in my secure sites.

Using the WhyNoPadlock website, I got the insecure URLs.

Now where should I look for this code?. For Contact, I looked at Contact-form.php files, but I could not find the '<img src=" Where should I find that code, so that I could change it as advised here?">

Anthony(2014-12-13)

Help tips, worked great, I am lucky to find your webpage is still up.

ezhumalai(2014-12-13)

Hi currently i am facing SSL Secured Warning as
" This page contain both secured and nonsecuerd. do u want to continue" Error in IE6..I changed all the images and Css and javascript URL to Https: but still am getting this Error in IE6...But same site when i browsed through IE7..its working fine..but i have problem in IE6..please can anyone help on this..

Rob Mangiafico(2014-12-13)

One easy way to see if all the items on an SSL page are secure is to paste the https URL into the service at:

http://www.WhyNoPadlock.com/

It will analyze all the content on the page to verify all items are called securely, including css, JavaScript, images and even 3rd party SSL certificates for remotely called items.

Dm(2014-12-13)

Hi all!

This secure message happens because src="" in my empty IFRAME tag in my case.

Tony CL Chan(2014-12-13)

If your page is using HTTPS, pay special attention to search your code to find any line hard coded "http://", this is the reason why you will have mixed secure and non-secure content.

Nelson(2014-12-13)

I have a public page as https:// that tests just fine at www.whynopadlock.com. But Chrome v.12.0 using Mac OS 10.6.7 is reporting that non-secure items are being sent. All other browsers are not complaining. Is there a web tool that will see what Google Chrome is seeing? I did report the issue to Google using the Report-an-issue ... tool at the Help menu item.

dapogz(2014-12-13)

even though this is an old thread THIS still ROCKS..

THANKS...

Robert(2014-12-13)

Hi Hitesh,

You will either need to remove the items that can't be loaded from a secure https source or ask the site owners if they can set up https on their site.

Andrea(2014-12-13)

Thank you so much....I have been looking at my internet options to eliminate these pop-ups for awhile now!

Sarah(2014-12-13)

I have a website that is using a lot of relative links, which I believed would mean this was not an issue, however the items being linked to are being reported as coming from http and not https :(

Any thoughts?

hitesh(2014-12-13)

In my site there one external css & js which is creates problem for me in HTTPS, and i can’t remove that because it is important, and also not able to download and set it up on my site…
They are also not provide css & js with https code…

So what to do? Please give me solution…
Thanks…

hitesh(2014-12-13)

Hi,

I have a one problem in my site for ssl, i remove all the absolute path and give relative path to all images and css, but there are few images & js which is coming from other site, so that's why it is gives me warning. And those sites are not ssl enabled so i m not able to give https:// for external images & js.

Thanks.

Jatinder(2014-12-13)

How we can achieve same with javascript or jquery.

Mad Eddie(2014-12-13)

Chrome reports relative URLs als insecure.
Even when these URL's are relative to the current HTTPS page you are on and coming from the same site and trough the same SSL as the page you are viewing.

Infact.
When i make a page wich contains only the text 'test'. a plain HTML file with only the word 'test' and NOTHING else. It still flags it.

(Maybe related to chrome plugins we have installed?)

Hannah(2014-12-13)

Option 3 worked. Thanks so much!!!

T.J.(2014-12-13)

Thanks loads, it drives you mad when they keep popping up

Becky(2014-12-13)

This has been driving me crazy for months. Option #3 worked for me. Thank you so much for posting the solution!

sinisa(2014-12-13)

Thanks a lot.i read this webpage and stupid prompts is disapear.

Robert(2014-12-13)

Hi Sai,

Unfortunately, you will need to manually update all of the URLs. I can't think of any way to do this automatically.

Narendra(2014-12-13)

(1)Go to Tools, Internet Options.
(2)Select the "Security" Tab and then click on the "Custom Level" button.
(3)Scroll down until you see the option: "Display mixed content". Select "Enable".
(4)Click Ok. Then you will get a "Security Warning" pop-up. Click Yes.

Sai(2014-12-13)

Hi All,

I have multiple pages which has the same errors(Running on IE 6). Few blogs say that we need to make the src of javascript to blank. Is there a way wherein we can fix this issue globally instead of changing each url or each page javascript.

Thanks,
Sai

sateesh kumar(2014-12-13)

Hai this is sateesh kumar , i am using internet explorer at the time of PF online transfer claims digital sign accepted purpose , but when i log on the epfindia site enter the user id and passwor when i login in to the page only heading are showing sub headings are not and they showing seure and nonsecure items are there "yes" or "No", how can i enter the sub headings for further steps,,,

HALILOVIC(2015-02-01)

Thanks so MUCH,WORKED!!!

Krrish(2015-06-23)

Thanks it worked :)

Andrew(2016-03-30)

This advice works perfectly. Also you can use this tool to scan and track down mixed content across an entire site: https://httpschecker.net/ . Hope it helps.

guinnyss(2017-07-15)

Awesome, i changed from https to simple // now my site load fast as before, https like you said slow load my page because of images on my server or links.

Advertisement • Hide