I have problems with setting up goals in Google Analytics. There are a few bugs in the order page, which I think are causing the problem. With the help of GA debug extention I managed to reach the following errors (5) and warnings (4):
(Here are only the errors, unfortunately 2 as I am not allowed to post more than two links)
-> Mixed Content: The page at ''https://www.xxx.de/de/xxx/'' was loaded over HTTPS, but requested an insecure script 'http://delivery.fpmserving.com/tag.php?tag_id=53&campaign_id=32'. This request has been blocked; the content must be served over HTTPS.
-> Mixed Content: The page at 'the same as above' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'the same as above'. This request has been blocked; the content must be served over HTTPS.
Furthermore, the Page source could not load.
Is there any way that I could remove this insecure script? And make sure that the content is served over HTTPS?
PS: I am not a Developer and unfortunately I am not really familiare with HTML and HTTPS, although I try to inform myself!
Related
So I get the following error in Chrome console:
Mixed Content: The page at 'https://your-username.github.io/' was
loaded over HTTPS, but requested an insecure stylesheet
'http://yui.yahooapis.com/pure/0.6.0/pure-min.css'. This request has
been blocked; the content must be served over HTTPS.
Basically the yahoo pure library is being served over HTTP. Is the only solution simply to download it and link to it in a "relative directory" format from my index.html page (e.g., "./pure-min.css")?
As suggested in this issue, try instead
replacing all occurrences of http://yui.yahooapis.com with https://yui-s.yahooapis.com.
You can see it used in this YUI Library Examples: ProfilerViewer Control.
With the latest Firefox update (48.0.2), we are seeing mixed content errors from our doubleclick tags on our HTTPS site, however the error is not making any sense to me because the offending URL seems to use https:
Blocked loading mixed active content "about:neterror?e=dnsNotFound&u=https%3A//fls.doubleclick.net%3Bsrc%3D3268620%3Btype%3Dboo120%3Bcat%3D3-c420%3Bord%3D1/%3F&c=UTF-8&f=regular&d=Firefox%20can%E2%80%99t%20find%20the%20server%20at%20fls.doubleclick.net%3Bsrc%3D3268620%3Btype%3Dboo120%3Bcat%3D3-c420%3Bord%3D1."[Learn More]
Any ideas on what might be causing this?
In chrome, I can call a secure URL (exampleB.com) from a INsecure page (exampleA.com); in firefox, they block it
Is this a bug, it seems HTTPS should be allowed from anywhere?
Resource being called is simply an IMG tag / GET request.
This was a bug with firefox itself. The CORS handling was backwards :)
I've included mini-profiler in my app. It loads great on standard http pages, but over SSL I get the following warning
page was loaded over HTTPS, but requested an insecure script 'http://mydomain/mini-profiler-resources/includes.js?v=xyz
Is there a setting or other type of configuration I can use to get this to load over HTTPS?
I've noticed something interesting while monitoring the network communications between my browser and server. It has something to do with caching.
Say I have a CSS file http://domain.com/main.css (used in unsecured pages), which can also be accessed via https://domain.com/main.css (used in secured pages).
When I first load an unsecured page, the CSS file gets a 200 OK. When I reload the page (or go to another unsecured page), I get a 304 Not Modified.
When I go to a secured page for the first time, the CSS file from the https source gets a 200 OK. And when I reload the page (or go to another secured page, I get a 304 Not Modifie.
When I return to the unsecured page, the CSS file still gets a 304 Not Modified.
When I return to the secured page, the CSS file gets a 200 OK. What happened to the cached copy? How can I make it cached?
This might answer your question. It might be the case that your website defines this resource as non cacheble by defining this :
Cache-Control private, must-revalidate, max-age=0
for example ( when accessing https://www.google.com/ncr) causing your browser not to cache it. Do you have Fire-bug\Fiddler or anything similar to view the response headers?