SOLVED

SSL Migration - Embedded Imagery Question

Go to solution
Samantha_Spano
Level 2

SSL Migration - Embedded Imagery Question

I'm in the process of turning on SSL for all of our landing pages. A lot of the templates we have in our instance have images embedded within them, all of which are currently logged on http vs https. While I am going into each individual landing page to update an HTTP -> HTTPS, do I also need to be doing this for any imagery on the page? Or am I only updating hardcoded URL domains?

 

Any guidance would be much appreciated!

 

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: SSL Migration - Embedded Imagery Question

Images used to be classed as "passive content" by browsers, meaning that they would load an insecure image on a secure page, unless the server specifically said that all mixed content must be blocked.  (Marketo doesn't block mixed content on the server side.)

 

That was unlike CSS, JS, IFRAME, and other "active content" which always needed to be secure if the page was secure.

 

But now images are being reclassed as active content. So yes, you need to load them over https as well.  Just be aware that if you test in older browsers, they'll still load the images over http (because back then they were still passive). To cover all modern and upcoming browsers, as of course you must, load over https.

View solution in original post

2 REPLIES 2
SanfordWhiteman
Level 10 - Community Moderator

Re: SSL Migration - Embedded Imagery Question

Images used to be classed as "passive content" by browsers, meaning that they would load an insecure image on a secure page, unless the server specifically said that all mixed content must be blocked.  (Marketo doesn't block mixed content on the server side.)

 

That was unlike CSS, JS, IFRAME, and other "active content" which always needed to be secure if the page was secure.

 

But now images are being reclassed as active content. So yes, you need to load them over https as well.  Just be aware that if you test in older browsers, they'll still load the images over http (because back then they were still passive). To cover all modern and upcoming browsers, as of course you must, load over https.

View solution in original post

Samantha_Spano
Level 2

Re: SSL Migration - Embedded Imagery Question

Thanks so much, Sanford. I appreciate the quick reply and clarification on this.