How to resolve Chrome reporting NOT SECURE ?

**kevinmc3** · 5 Sep 2017, 07:25 PM

Originally Posted by mc12345678

It's also not just Chrome that is reporting an issue.

On the login page there is the following which will cause issues as well:

Code:

<img src="http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg" border="0" height="42" width="820" alt="You are using an outdated browser. For a faster, safer browsing experience, upgrade for free today." />

This causes a mixed content related problem.
The following FAQ helps to further correct this issue: https://www.zen-cart.com/content.php...lly-encrypted)

MC where did you see this link?

**kevinmc3** · 5 Sep 2017, 07:27 PM

Originally Posted by dbltoe

Look for the red, bold text in the code block.

MC# is correct as well. A view source of your main page shows 855 results for a search of http://. Not all will break https but, most will. Looks like another store-bought template not using proper relative links. If it is something on your site, it should not have http: in the link.

got it thanks

**mc12345678** · 5 Sep 2017, 07:45 PM

Originally Posted by kevinmc3

MC where did you see this link?

Originally Posted by kevinmc3

got it thanks

Not sure if this response answered the previous question, but basically seeing that site was not full https: enabled, I went to the first place I would expect https to exist which was the login page: index.php?main_page=login. I was presented with a mixed content message and asked if I wanted to allow all content. Answer was no. I then viewed the page source and searched for src="http: and came across that link. I also tried variations such as src = "http:, and even with a single quote as that is used in a few places on the page.

Anyways, chrome has gone to an expectation of the entire site being https: not just the pages/communications where such data should be encrypted.

**carlwhat** · 6 Sep 2017, 04:13 PM

Originally Posted by kevinmc3

How to resolve Chrome reporting NOT SECURE on our Zen Cart sites ?

What do we need to do to resolve Chrome now NOT SECURE for ecommecre sites? I have SSL installed.

Amazon has figured it out..

www.cvtreasures.com

kevin,
you need a new host. your server is still vulnerable to a poodle attack. that is an issue that needs to be addressed. see:

https://www.ssllabs.com/ssltest/anal...vtreasures.com

good luck.

**barco57** · 6 Sep 2017, 05:08 PM

yeah, SSL3 should have been killed on that server years ago

**spminis** · 29 May 2018, 10:05 AM

Did a WHYNOPADLOCK

This was exactly the tool I needed to solve my problem. The scan showed that there was an image on the main page where the url was http not https and that made the page not secure. Once I put the "s" in the url, the page showed the padlock.
THANK YOU!!! Saved me hours of beating my head against the wall.

Carol