Active Mixed Content over HTTPS

This error occurs when content is loaded over HTTP within an HTTPS page.
If the HTTPS page includes content such as scripts or stylesheets retrieved over regular, cleartext HTTP, the connection is only partially encrypted.

There are a few technologies for dealing with this type of mixed content issue:

1. HTTP Strict Transport Security (HSTS) is a mechanism that enforces secure resource retrieval, even when the user makes a mistake, such as trying to access the website on port 80, or when the code contains errors.

2. Content Security Policy (CSP) can be used to block insecure resource retrieval from third-party websites.

Set the .htaccess rule as follows (domain stands for the allowed third-party host):

Header set Content-Security-Policy "default-src 'self' domain"
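To locate the references that cause the error in the first place, the following added example (not part of the original post) scans a page's HTML for scripts, stylesheets and frames that an HTTPS page would fetch over cleartext HTTP. The tag list, the function names and the example.test hosts are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose fetch can change page behaviour, mapped to the attribute holding
# the URL. This selection is the example's own, not a list from the post.
ACTIVE_SOURCES = {"script": "src", "iframe": "src", "embed": "src",
                  "object": "data", "link": "href"}


class MixedContentFinder(HTMLParser):
    """Collect (tag, absolute_url) for active resources fetched over http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url_attr = ACTIVE_SOURCES.get(tag)
        if url_attr is None:
            return
        attr_map = dict(attrs)
        # <link> is only active content when it loads a stylesheet.
        rel = (attr_map.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return
        value = (attr_map.get(url_attr) or "").strip()
        # Resolve relative and protocol-relative (//host/x) URLs against the
        # page: on an HTTPS page they inherit https and are not mixed content.
        resolved = urljoin(self.page_url, value)
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved))


def find_active_mixed_content(page_url, html):
    """Return active resources an HTTPS page would load in cleartext."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page (example.test hosts are placeholders).
SAMPLE_HTML = """<script src="http://cdn.example.test/lib.js"></script>
<script src="//cdn.example.test/ok.js"></script>
<link rel="stylesheet" href="http://static.example.test/site.css">
<link rel="icon" href="http://static.example.test/favicon.ico">
<img src="http://img.example.test/logo.png">
<iframe src="http://ads.example.test/frame"></iframe>"""
if __name__ == "__main__":
    print(find_active_mixed_content("https://www.example.test/", SAMPLE_HTML))
```

Images are deliberately left out of the report because they are passive rather than active mixed content.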
