Site SSL content issue on Firefox and IE - asp.net

My site is no securing the online transactions. I found the ssl setting and turned it on, but it still does not appear to be working properly. Below are some images for IE and Firefox. Although the https is present, it does not appear to be securing the site. This is mainly issue credit card information page. How to solve this.
image below

Your page is made up of secure and insecure content. Firefox is blocking the insecure stuff.
For example, your page is served from https://www.example.com/index.html, but some of the content within it it is served from http://www.example.com/images. Firefox will block the content from the second location. That's what the message in your image says.
You should serve all your content through a secure channel. i.e. serve everything from https://www.example.com

Related

What problems arise from mixing HTTP and HTTPS content through iframes?

If I use HTTP images or JS content within an HTTPS iframe (//) within that HTTPS site, is there a problem?
Site: HTTPS
iframe within site: HTTPS
image content within iframe within site: HTTP
What happens to the browser (safari, explorer, chrome, ios safari ...., ) in this case?
enter image description here
Above is an image of the current situation.
To help you understand better
I thought it was going to be a problem.
There are no problems with the current site and no web browser errors.
It is very strange.

ssl mixed content errors in browser

I have recently installed a flexible ssl on a Wordpress website using CloudFlare. I have read around the issues others have had. I have installed various plugins to remedy the problem. I have tested the url on an ssl checker which says it is OK. When the page first loads I have the green lock - it subsequently goes Amber with an exclamation (on Firefox) or just the 'i' on Chrome.
Chrome console says:
Mixed Content: The page at https://example.com/ was loaded over HTTPS, but requested an insecure image http://example.com/wp-content/uploads/logo1.png. This content should also be served over HTTPS.
In Chrome console it shows that there are some images which load are loading with http - but if you look at the actual image in the WP library it has https in front, including the one above. If I look at images on the front page with say Firefox developer all image paths are preceded https://. If I check the logo image guid in the WP DB which is throwing the error on the front page then it is https://. I have purged the Couldflare cache. I have cleared all browser cache.
So what's the problem?

WordPress with ssl form let's encrypt, but homepage not fully secure. "Attackers might be able to see images.." message

Could you help me find out what to do with not fully secure message.
I have installed ssl certificate from let's encrypt, but my wordpress homepage has a message "Attackers might be able to see the images you're looking at on this site and trick you by modifying them".
The home page is still in development, with demo content. About what images chrome notification is telling? Something to do with cookies?
Thank you for your answers!
Edit: Does it have to do with the theme itself? Whole wordpress dashboard and login is served over proper secure ssl.
Sending images via http protocol is what triggers this issue. Using any content from a cdn that does not use https will also trigger this issue. This quote explains it pretty simply (the yellow padlock / warning of unencrypted content/images):
If a yellow padlock appears with a mini yield sign, the likely cause
is links in your site still refer to an unsecured page. Make sure that
all your images, menu items and links use https in the URL.
source
I would use a tool to help identify all non-encrypted file transports. One such tool would be something like Why No Padlock.
Did you enable https after installing WordPress? If so, you must change the WordPress address and Site Address under "General Settings" in WordPress. Make sure both addresses use https.
If your WordPress site address is set to use http, your server will force https but WordPress will serve certain images, like the favicon, over http. This triggers a "mixed content" warning.
I too had run into this issue. It appears there are many http: that need to be replaced with https:
You typically do this using a plugin called Better Search and Replace. Make sure you are adding colon (:) at the end of both http and https.
I found a working answer here
To check for issues on the chrome/opera inspection console (ctrl+shift+C) is also a great idea: I had setup all correctly and the issue was the footer image, not something you would check very often looking for this fix. I had applied SSL to many websites, sometimes the issue is just one simple link and this method helps find it.
I had the same problem where the home or index page was saying the page was not fully secure "Attackers might be able to see images blah blah blah"
After enabling https in general settings under site address and wordpress address I was still getting the insecure image warning on the index or home page.
The next step was to find out what images were not using the https ref on the index or home page.
In my case I viewed the page source of the page, by right mouse clicking the page in the chrome browser & looking for images url ref which were still showing http. I was using a sliding header and those images were showing http. So all I did was go into slider header in the appearance menu of the wordpress, and re-assign each of the header slider image for each frame. RE-checked the home page now the image urls were showing https. Bingo the secure lock symbol returned.
Obviously these image urls don't get updated via the general settings... which seems an oversight by whoever wrote the part of the word-press script.

HTTPS page displays wrong

I have a page that displays correctly in HTTP, but when I open it in HTTPS it seams that some CSS classes do not load propoerly.
Here it is: http://application.ninono.ca/application_iframe.php
and https://application.ninono.ca/application_iframe.php
Funny thing is that 80% of people will see no difference.
If anybody could shed some light on this, I would really appreciate it.
Your browser is probably blocking un-secure content
Some versions of recent browsers (FireFox/Chrome) will reject HTTP content when the page is served over HTTPS. This is to prevent insecure content being served alongside secure content.
So if you visit the homepage in Magento and specify https:// in the URL, all the linked resources within the page source will still be http:// - and the browser may reject loading that content to preserve security.
But if you've loaded the page once before, there's a good chance that some CSS/JS/Images may well already be in the browser cache, mitigating the requirement to fetch the resource remotely.
This can give the impression that it works on some machines and not on others. Where in reality - its not really working for anyone, its just that some users benefit from their historical browser cache.
Self-signed certificates can also produce this exact behaviour.

No Google fonts working in Google chrome

Here is the link
If you click the squares within the black section they will change the font of the word to the left. All of the fonts are Google fonts but non of them are working in Google Chrome. I've searched the internet with no solution. All other browsers it is working fine.
You are getting an error message that explains a bit more. Try pressing F12, then click on the Console tab. You'll see the error message
[blocked] The page at https://branard.com/index.php?option=com_brands&view=detail&id=16&Itemid=102 ran insecure content from http://fonts.googleapis.com/css?family=Erica+One|Monda|Sacramento|Oleo+Script+Swash+Caps|Text+Me+One|Seymour+One|Cagliostro|Qwigley.
Chrome now displays this message when you fetch insecure content via HTTP when the main page is running HTTPS.
It should just be a matter of changing the font url from http://fonts.googleapis.com/css to https://fonts.googleapis.com/css to secure this link.
This is a security feature of the browser that blocks http content included from a host page served via https. The fix is simple: just remove the protocol from all resource URLs (scripts, stylesheets, etc.). In your case, the URL to the fonts CSS becomes
//fonts.googleapis.com/css…
Notice that the URL has no http or https.

Resources