How to get rid of mixed content warning when using cookie-less domain for static content?

by notnull   Last Updated April 09, 2017 21:04 PM

When I serve all website content from same domain (, tools like pingdom keeps yelling:

Serve static content from a cookieless domain

When I serve static content from cookie-less domain (, Chrome says:

Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure image ''. This content should also be served over HTTPS.

How can I satisfy both conditions at the same time?

Answers 1

When I serve static content from cookie-less domain (

Just as the message says... Your "cookie-less domain" also needs to be HTTPS. eg.

Once you switch to HTTPS then everything must switch to HTTPS. It's all or nothing. This is for a reason... If you have resources on a non-secure HTTP connection then it is possible that "information" could be leaked over this non-secure connection and intercepted, which kind of defeats the point of having HTTPS in the first place.

April 09, 2017 20:42 PM

Related Questions

Mixed content - SSL Problem or Opencart?

Updated August 11, 2016 08:03 AM