Ecommerce Checkout Suicide

We very frequently do site reports for ecommerce stores and while we see a host of SEO issues and other problems in these sites, there is one problem that will create checkout abandonment like no other….. Have you seen this in your store?

This page contains both secure and nonsecure items. Do you want to display the nonsecure items?

This error is an error referring to an unsecured element within your store’s secured pages…. This is generally going to be most damaging in Internet Explorer which presents the pop up warning shown below.

This page contains both secure and nonsecure items. Do you want to display the nonsecure items
This page contains both secure and nonsecure items. Do you want to display the nonsecure items

While FireFox and other browsers indeed note this same error… The delivery method is far less daunting. Most recently W3SCHOOLS presented browser usage stats indicating that while FireFox usage is clearly on the rise, over 39% of users still use a version of Internet Explorer.

The greatest issue with this checkout error is that many webmasters miss it. I would comfortably say that most site owners will be using FireFox or another more capable web browser…. So many times this error goes completely unnoticed. Add the fact that shoppers using other browsers will likely miss the very subtle errors delivered by FireFox and similar and still checkout…. Essentially making this the “hidden” error so to speak. It’s tough to see the error in your stats and such as many other shoppers will checkout completely oblivious of the error.

This error is really a simple matter of a unsecured element attempting to be displayed on a SSL/secured page. In truth the problem is that the unsecured element causes the connection to be only partially encrypted with your SSL.

The easiest way to check if your online store has this error is to open it up in IE and go to a checkout or other secured page. Note that checking your main page or other page which is not intended to be secure will likely present a false positive for the error… If for no other reason than the base url being http:

Commonly we see this error caused by images. Images displayed from another website (hot linked) must be either using a secured https: url or you must download them and display them from your own site. Even your own images can present this error if the are using an absolute link which is not secured ( These image issues are quickly remedied by changing the link to a relative path (images/image.jpg). If for some reason your web hosting or you have issues with being able to code your image sources in this way you can also try the fix below.

<img src=”//” alt=”” />

The second most common time we see this error is running scripts. Let me start by noting that *most scripts have no place on your checkout pages… Checkout pages should be designed “in a tunnel”, most effectively they should be quite simple and completely without distractions which prevent checkout.

For example, we see shop owners with this error caused by a social media button.. Honestly, do you really want anyone to bookmark your checkout? In any case, we also see this in shopping feed button image scripts and even the Google Analytics script as well.

To fix this, any script which is calling out to display an element in the secured pages must also be secured. Scripts for buttons and such will need to have these elements provided from a secured site or removed from checkout. While many of these third party scripts will not outright offer you a secured script, they may have one which you can use by altering the http:// links to be https://… If no SSL is present then you will have to remove these scripts from checkout pages.

<script type=”text/javascript” src=”>

Google Analytics is a much simpler fix, as Google provides a properly secured script. To fix this you have only to grab the correct version of the script from Google and replace it.

The hardest part is determining which or what element is causing the issue. Most commonly it will be an image, so searching the source of the page for something like src=”http:// will grab image source and some scripts and other elements as well. Note that you will want to check the <head> of the page as well…. CSS stylesheets and scripts in the head must be secured as well.

Avoid this bit of checkout suicide and check your cart… It only takes a moment and can change your business dramatically. While it may be on your tongue begging to be said that IE is a pain… Realize that for your shoppers unsecured items on these page’s endanger their privacy and security of their online transaction.

2 responses to “Ecommerce Checkout Suicide”