Accessing a website, protected by SSL, yields a “mixed-mode” notice or the SSL indicator displays different than normal.
SSL is designed to protect data transfer from third-party snooping through encryption. By accessing a resource over a non-encrypted stream (e.g. including an image on a site as <img src=”http://mysite.com/img.jpg” />), this protection is circumvented. The request is made without encryption allowing third-parties to potentially sniff traffic. Browsers will alert you when these situations are encountered as security is of everyone’s absolute utmost concern.
Two options exist, either change all links from http:// to https:// or as a more concise form, use a protocol-relative URL by omitting the protocol entirely such that <img src=”http://mysite.com/img.jpg” /> becomes <img src=”//mysite.com/img.jpg” />
- The Protocol-relative URL (Paul Irish)