Securing Unsecured Content

So, your website is live, it's got a free SSL, but you still see a "Not Secure" warning; what gives?
 
In this article, we will discuss why your secured website might still display this warning after installing an SSL certificate as well as what you can do to try and secure all of the content of your pages.

First up, does an SSL encrypt my site content

It might seem natural that if you use an SSL certificate, then this too will secure all of your website content; however, this isn't the case.

Although the Secure Socket Layer encrypts the real traffic moving between your content and various computers, you may still have content that cannot be encrypted, like HTML code such as an iframe, for example.
Since iframes (and similar coded content) are technically not located in the same place as the content on your website, this means customers may still receive messages that the page they're viewing contains unsecured content; notably, if images or other elements are not encrypted at their host.

What can you do?

Although these warnings do not mean that a failure of your SSL certificate has occurred, they can still be worrisome to viewers and negatively impact your site's conversions. Suppose an image, video, or HTML containing a URL link refers to an unsecured file hosted on a third-party server (outside your site's server). In that case, you'll need to use a different URL or modify the image link to use the secure "https" protocol.
 
In some cases, the content must also be secured where it is being hosted for this to work, which can mean reaching out to the content originator to obtain a secured version of the content or recommend that they offer such a thing.