Can anyone help please?

Our trade site www.zest-it.biz/trade/ is on its own ssl and should be as secure as our other sites but in firefox it will not show the padlock and says its not secure - maybe due to images?

Can anyone tell me why and how to fix it please?

THank you in advance,

Trace

Hi Trace

It seems to be images that use the full path with http eg images/zest-itlogo.png

Change that to https or make it relative like

/images/zest-itlogo.png

Andy

Please feel free to review / rate our software

Awesome Andy - You are a superstar, Thank you so very much - all fixed

Trace

Hi Trace

One thing worth considering is what is known as the HSTS header.

Currently your site is not using the "Strict-Transport-Security" header (HSTS Header), which can leave a website open to man-in-the-middle attacks. Having a Strict-Transport-Security header installed, means that it will be nearly impossible for the bad ass bunch to glean any information at all.

Implementing HSTS headers is as simple as adding a line to your websites .htaccess file. Add the following to your .htaccess file at the top level document root folder; eg public_html - I always put that line near to the top of the file.

[blue]#SetsTheStrictTransportSecurityHeaders
Strict-Transport-Security: max-age=31536000; includeSubDomains[/blue]

With the above code implemented all present and future subdomains will be HTTPS for a max-age of 1 year. This blocks access to pages or sub domains that can only be served over HTTP.

Will - Bolton Manchester UK