Mixed Content Warnings

Easy, easy fix. This site runs on one of my KVM virtualized servers.  All services have been compiled from source. Current operations include NginX 1.13.2, Varnish 5.1, Brotli encoding/compression, a newish-er version of OpenSSL for H2, Curve25519, and stronger ciphers. Good stuff.  Forget to call one image (or your site logo won’t redirect), buh-bye padlock, hello Mixwd Content. If you’re running nginx, here’s a quick fix to add to your SSL server block: add_header Content-Security-Policy "upgrade-insecure-requests"; add_header Strict-Transport-Security "max-age=31536000; preload; includeSubdomains"; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options "SAMEORIGIN"; #add_header Cache-Control "public, max-age=86400, stale-while-revalidate=3072, stale-if-error=3600"; If you’re running Apache you can set something similar...