HTTPS Resources Check
Contents
HTTPS Resources Check
The HTTPS Resources Check is a tool that will find URLs on all of your site's pages that should be switched from http to HTTPS, should you choose to do the conversion.
Some you can change now. Others, you may need to wait until after the conversion.
Converting to HTTPS is completely voluntary. You do not have to convert your site if you think that the disadvantages (the amount of time and work involved) outweigh the benefits.
What Are the Benefits?
There are two important benefits to converting to HTTPS...
-
Google Chrome and the other major browsers inform their users when a page is not secure. This means that people may not sign up for your newsletter or e-course, or try to contact you with questions or comments.
Post-conversion, visitors to your page will see the inviting padlock, or, if they click on the i button, they'll read that your page is secure and that any information they provide will be safe.
-
You can use payment processors like Stripe that require a secure connection to sell products on your site.
What SBI! Is Going to Do
The conversion process is going to take care of AdSense ads, Google Custom Search (CSE), and all internal links (links from one page of your site to another).
SBI! will also do a 301 redirect of each http URL to the HTTPS version of the URL. The redirect ensures that Google and the other engines know where to send visitors.
The engines see the http and HTTPS versions of your site as different sites.
So the 301 redirect is needed to ensure that there are no duplicate content penalties and that the new version of your site is the one that gets ranked in search results going forward.
And while the 301 redirects will preserve most of your "link juice," it's best to have direct links to the HTTPS version of your pages.
So another post-conversion task will be, if you think it's worth your time, to ask the webmasters linking to your site to change the URL in the link to HTTPS.
What You Can Ignore
The report will not show any outbound links (links to other sites), because these will not affect the secure nature of your site.
So you don't have to think about them at all.
What You Will Have to Do
Every line item in the report (which you'll see after the check is completed) is a third-party URL (e.g., a hotlinked image, or a JavaScript-based widget's code snippet).
For each of those, you'll need to change the code, or replace it with code from another provider that offers HTTPS.
Each section below covers what to look for and how to make the change.
In the report, you'll notice the number 1 on a gray square in the lower right corner.
If the report has more than one page, you'll also see a Next button. Click on Next to view the next page of the report, Prev to view previous pages.
Important Note
There are some tasks that cannot be done until you've completed the conversion.
These include changing the URL for your site in your Facebook page About section, your Twitter profile, and other social media, as well as adding the "new" version of your site to Google Search Console and Bing Webmaster Tools (and submitting the sitemap XML file).
Tips
-
Leave the report window open as is. Open Site Central in another tab and make any changes from there.
-
Eliminate common code issues first, which may eliminate several pages from the report at once. Convert or change code in Sitewide Dots (BB2)/SBI! Includes (UYOH) and Reusable Blocks, which will usually be things like ad code, search boxes, and translation widgets.
-
If you use Pinterest, and have verified ownership of your site, then you'll see a file name that looks like this...
https://www.yourdomainname.com/pinterest-199ez.html (with your domain name)
Ignore it. Since no human will ever see that page in a browser, there's no need to do anything about it.
-
In the column on the right, each "type" is a link to this help page. Each type leads to a discussion here about that type. Click to read more about it.
To complete each change, remember to build the page again!
What the Report Will Look Like
Below is a screenshot with some sample issues...
The Page column lists each file name of your site where an issue is located. Some pages will be listed more than once, indicating that there are 2 or more issues to fix. Click on each link if you want to view the published page.
The Non-Secure Resource URL column lists each problem URL. Click on the link to go to the creator's site for that URL. This will help you determine if there's new code to use.
The Type column lists each type of issue. The types are listed, starting immediately below this. Clicking on a link in that column brings you to the applicable section of this help file.
Image (img)
If you use images supplied by a company that you promote as an affiliate, those images may still be using http.
If they are, check the affiliate company for new image code for the products you promote. If you don't find any, ask the company to prepare new images that use HTTPS.
If you hotlink to other sites' images (you use the other sites' image URL to display the image -- something we do not recommend), you'll receive a warning here in the report if their URLs do not use HTTPS.
You'll either have to stop using the hotlinked images, switch to a different image on your own site, or settle for having a warning appear in browsers that the page is not secure.
JavaScript and JQuery (js)
Many tools these days use JavaScript (JS) or JQuery (for this discussion, JS also includes JQuery). Image sliders, most calculators, date and time widgets, and more all use JS.
Not all of them reference external sites, but many do. Any that are currently not using HTTPS in link references will have browsers reporting your pages as not secure.
Anything reported here is something you'll have to investigate at the JS code providers' site. Is there an HTTPS version of the code you currently use? If so, replace the old with the new.
If there's no HTTPS version available, add an "s" to "http" on one of your pages and test the tool or widget, or check that ads still appear on your site.
If everything works with HTTPS, use the code across all pages of your site.
If you use Statcounter to track traffic on your site, you can get new code by clicking on this link (you must be logged in to use it).
If you have any JS code snippets that include the URL for your site, you'll have to change those snippets after the conversion, switching your site's URL to HTTPS.
SBI! will automatically convert all AdSense (http://pagead2.googlesyndication.com/pagead/show_ads.js) and Google Custom Search (https://www.google.com/coop/cse/brand) URLs.
If you see any other Google tools listed in the report, such as Google Translate or Google Search, you will need to change the code for them.
CSS (css)
Many third-party widgets and tools that you can add to your site have their own styling. Most of those will include a reference to a CSS file hosted on the third-party site. Those will have to be changed to HTTPS.
Check at the site where you copied the code for the widget or tool. If there's an HTTPS version of the same tool, copy that code and replace the old code with the new.
If there's no HTTPS version, add an "s" to "http" in the CSS reference's URL in the code on one of the pages that uses the widget or tool.
If it still works (the styling still displays for the widget or tool), change the code on the remaining pages.
Iframe
If you use iframes to display content from other sites on your site, and the other site is not using HTTPS, browsers will tell your visitors that the page is not secure.
The only way to fix this is to convince the other site owner or webmaster to convert that site to HTTPS. Or stop displaying the other site's content on your site.
<embed> Tag
If you use the <embed> code to embed a video or audio file on your pages, the URL for the video or audio itself needs to be updated to the HTTPS version.
Click on the link in the report to go to the http version of the video or audio. Click on the Share or Embed option there, and check for an HTTPS URL for that video or audio.
If there is one, copy the code and replace the old with the new. If there isn't, change the URL in the <embed> tag to HTTPS and see if the video/audio still works.
If it doesn't work, ask the host for an HTTPS version, or consider using a different video/audio from a host that uses HTTPS.
If you have older YouTube videos on your pages, any using http will automatically be converted by SBI!.
<object> Tag
If you use the <object> code to embed a video or audio file (or any other type of external file) on your pages, the URL for the file itself needs to be updated to the HTTPS version.
Click on the link in the report to go to the http version of the file. Click on the Share or Embed option there, and check for an HTTPS URL for that file.
If there is one, copy the code and replace the old with the new. If there isn't, change the URL in the <object> tag to HTTPS and see if the file still works.
If it doesn't work, ask the host for an HTTPS version, or consider using a different file from a host that uses HTTPS.
If you have older YouTube videos on your pages, any using http will automatically be converted by SBI!.
<video> Tag
If your pages display any videos from other sites using the <video> tag, the URL for the video itself needs to be updated to the HTTPS version.
Click on the link in the report to go to the http version of the video. Click on the Share or Embed option there, and check for an HTTPS URL for that video.
If there is one, copy the code and replace the old with the new. If there isn't, change the URL in the <video> tag to HTTPS and see if the video still works.
If it doesn't work, ask the host to provide an HTTPS version, or consider using a different video from a video host that uses HTTPS.
If you have older YouTube videos on your pages, any using http will automatically be converted by SBI!.
<audio> Tag
If you embed any audio files on your pages using the <audio> ag, the URL for the audio itself needs to be updated to the HTTPS version.
Click on the link in the report to go to the http version of the audio. Click on the Share or Embed option there, and check for an HTTPS URL for that audio. If there is one, copy the code and replace the old with the new.
If there isn't, change the URL in the <audio> tag to HTTPS and see if the audio still works. If it does not work, ask the host for an HTTPS version, or consider using a different audio from a host that uses HTTPS.
Form Action
If you have any third-party forms that collect information and send it directly to another site, and the URLs are not HTTPS, you'll receive warnings here.
Check that new code is available. If it is, copy it and replace the old code with the new.
If new code is not available, add an "s" to "http" in the URL in the form code, then thoroughly test that the form works. If it does, replace the code on all other pages with the same form.
Form Build It! forms and MailOut Manager forms will use HTTPS, because the system will convert those URLs when you start the process.
If you use Mailchimp or AWeber, those URLs are already secure, so you will not receive a warning about them.
XML (xml)
If you use third-party XML for any purpose on your site (e.g., using a site's XML-based RSS feed URL in a news widget on your site), check to see if there's an HTTPS version.
If there is, copy it and replace the old with the new. If there isn't, add an "s" to "http" and see if the XML-based tool or function still works.
If it does, make the switch on all pages using the code.