Why No Padlock? - A Tool For Fixing HTTPS or Mixed Content Issues

A quick shout to this site which saved me trolling through some (a lot) code to find in a secure (or so I thought) webpage the problem loading an insecure item. An insecure item has a call to a resource that is using the unsecured protocol HTTP, not the secure HTTPS one.

TL;DR -> Go visit this helpful website now -Why No Padlock

In this case, it was an image for Expedia which was found to be loaded via HTTP, not HTTPS.

If a webpage loads scripts or any resource from a non-encrypted server it is a potential (albeit unlikely) security hole and browsers will show an annoying padlock with a warning to the user....this looks worse than no secure page in fact!

If the page has a web form on it (elements for the user to input data) the worry is that the data entered will pass across the web unencrypted. This is totally fine for a lot of the web's traffic like an image (no user data involved).

But if we can send everything encrypted it's better!

Google wants all sites to be https. It makes things harder from a technical standpoint but there are some compelling reasons why it is a good thing. The cottage industry that was Web 1 is going to be lost- that is a bit sad. Edit: Technology to the rescue of the little guy! Let's encrypt allowing the little guy free certificates to enable him/her to go https for free. Link to their project below.

So this site here https://www.whynopadlock.com/check.php is for you.

Citations

Lets Encrypt https://letsencrypt.org/