It is a common reaction to blame the SSL or host for having the certificate installed improperly. This is usually not the case. The SSL lock will only appear or display properly if all items on the page are linking securely. If there is even one unsecure link on the page, the SSL will appear as broken. This means it may not display at all, or it may display differently. 

This will vary depending on the browser you are using. Most of the time, the cause for this is the use of absolute links for images and text links within the page code instead of relative links. If even ONE link on the page is using the absolute format it will ‘break’ the secure page. Below are descriptions of absolute and relative address linking.

Absolute addresses

Absolute addressing for images and links include the entire domain name and the protocol, which is typically http://. For example, if you were linking image.jpg and your domain name was, the link would be code as <img src=””>

Relative addresses

Relative addresses differ from absolute in that they include neither the protocol nor the domain name. Using the same image.jpg file as before, the link code to that file in would simply be <img src=”image.jpg”>.

Finding Mixed Content

When visiting an HTTPS page in Google Chrome, the browser alerts you to mixed content as errors and warnings in the JavaScript console. You can open the console either from the View menu: View -> Developer -> JavaScript Console, or by right-clicking the page, selecting 'Inspect Element', then selecting 'Console'. You need to remove or update the 'http://' URLs listed in these errors and warnings in your sites source.

Alternatively, you can use the site ‘Why No Padlock?’ to identify mixed content:

If the site is running WordPress, you can use the SSL Insecure Content Fixer plugin that should identify all mixed content and replace it with a secure version for you. You can find the plugin here: