SSL Partially encrypted

Question

I am new with SSL. I got a standard SSL installed in my server, but when I go to my shopping cart, it says that it's only partially encrypted. Chrome even crosses out HTTPS in the url location bar. What I understand, that there are some http links in that page (images, js), so are there any tools to check for that? Workarounds? I looked manually and found 1-2 images using HTTP instead of HTTPS in that page, can it really be a reason to block SSL?? Please help,crossed HTTPS link on the page looks worse than no HTTPS at all..

I also have read, that it stops (showing partial SSL) by itself sometimes.. so wonder maybe there is a time frame or smth effecting it..

UPDATE: figured myself...it was javascript using widget (using HTTP), disabling it solved a problem. Now I am not sure how to close this ticket :)

Answer 1

Use scheme-relative URLs (they are relative to the http/https part). This makes them protocol-independent, and your problems should be solved. For example, instead of:

<img src="http://example.com/path/to/image"/>

Use

<img src="//example.com/path/to/image"/>

Recommended reading

• Network-Path Reference URI / Scheme relative URLs
• Is it valid to replace http:// with // in a <script src="http://...">?

Answer 2

another possible cause of the error is the programmatic setting of an iframe's src-attribute to 'about:blank'. the effect is observable in ff 3.6.x & 4 and ie 8.

best regards, carsten