Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies

https not always green in Chrome

Even if the page is secure



5:46 am on Mar 12, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

I have noticed in Chrome with https pages that even though everything is secure (my order form pages for example), the https will appear red with a line through it. This will happen on a page that shows green then, say on refresh or re-visit, will not though nothing has changed. I tried it once with a blank page and it did the same thing.

Is it just me or is does this happen to you?



8:04 pm on Mar 27, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Marshall, this is kismet - I'm coming here to explore this very same issue, with a few more details, and a twist.

Visualize two pages, and given that the secure page often uses the same resources over https as http - a header image, for example. Let's call the may-or-may-not-be-all-secure page /about, and the secure page /purchase.

Browse to https.... /purchase, everything is fine, green light on secure items. Use a link or even make a direct request back to /about, and you get a mixed content error. On this page is a link back to /purchase, but you don't even have to do that - change the URL to /purchase in the address bar.

The previously secure page now displays insecure items (and Chrome doesn't make it easy to tell you what they are). WTH?

Basically it caches the insecure items from the previous page state, but only in the context of that tab (as I understand it, anyway . . . )

I've done some searching and this is due to caching, there are many proposed fixes (clear history, open a new tab, whatever) but the really BIG problem with this is the average user won't have a clue how to do any of this or know what it means. Insecure = bad, close and shop elsewhere.

A little more info: By using the Javascript console on the mixed insecure page, I can see the insecure items. Okay. Now go to the secure page, and use the Javascript console. There are no insecure items listed. But Chrome still errors the page as "insecure."

Has anyone solved this to any reliable degree? With Chrome gaining market share, it's become the "new I.E." in terms of the thorn in a developers bum . . . .


8:17 pm on Mar 27, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Short of putting in page cache tags, or as I would do in .asp:

<% Response.CacheControl = "no-cache" %>
<% Response.AddHeader "Pragma", "no-cache" %>
<% Response.Expires = -1 %>

I don't have a quick solution. And while I did not give what you said about caching any thought before, the pages I do have the above tags in always show secure. That being said, you may be onto something. And I do agree, I do not like the fact Chrome does not say why the page is not secure. At least IE asks if you want to display the non-secure items.



8:24 pm on Mar 27, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Ah, bits I left out. This is recently moved to a nginx server (from linux) with no-cache headers and cachebuster code added to all resources (you know, like img.jpg?u=123345 that changes for each user.) There is literally no cachebusting efforts we can do server side to get around it, we've tried. It's all on Chrome.

Featured Threads

Hot Threads This Week

Hot Threads This Month