SSL and Secure Websites - best practices and guidelines
Supporting HTTPS for your website is an important step towards protecting your site and your users from attack, but mixed content can render that protection useless. To protect your site and your users, it is very important to find and fix mixed content issues.
When a user visits your secure website ( HTTPS) the connection is encrypted with SSL. If your HTTPS website also includes content retrieved through a regular HTTP connection, the connection is only partially encrypted.
- Mixed content degrades the security and user experience of your HTTPS site.
- Make sure all links/content throughout out your site references a secure site (https).
- If there is an image on an internal page of your website that has the full http://website.com.prod.boatsgroupwebsites.com/wp/wp in the HTML then you can either change it to https:// or remove everything up to the relative link (that's the ideal solution).
- Links to an external site or an iframe/embed should be using a secure https:// address or else the iframe/embed won't load, or the page will be marked as unsecure.
- HTTP page references cannot be included directly into HTTPS pages and maintain full security.
You can find more information here: https://www.entrust.com/lp/wp-content/uploads/sites/2/2016/07/Entrust-eGuide-SSL-Best-Practices-V2-WEB.pdf