In general, all our tracking scripts, image pixels, and links are currently working with HTTP and HTTPS. With the release of Chrome 81 all main browsers will be blocking mixed (active) content to improve the privacy and security of each and every user.
In short, mixed content are HTTP requests done on HTTPS sites. By allowing mixed content on your site, you run the risk that you won´t track the conversions generated by your Publishers and/or that your site appears broken to your users (e.g. iframes are not loaded or redirects are not working).
To guarantee that your tracking is working, all scripts, image pixels and links provided by Target Circle or any of our Providers have to be updated from HTTP to HTTPS before 01.03.2020.
Mixed content types
In general, there are two types of mixed content: passive mixed content and active mixed content. The main difference between those two types are the threat level of the insecure HTTP requests (e.g. the threat level of an image is lower than the threat level of an unsecured iframe).
Passive mixed content HTTP requests:
- <img> (src attribute)
- <audio> (src attribute)
- <video> (src attribute)
- <object> subresources (when an <object> performs HTTP requests)
Active mixed content HTTP requests:
- <script> (src attribute)
- <link> (href attribute) (this includes CSS stylesheets)
- <iframe> (src attribute)
- XMLHttpRequest requests
- fetch() requests
- All cases in CSS where a <url> value is used (@font-face, cursor, background-image, and so forth).
- <object> (data attribute)
Active and passive mixed content is treated differently by browsers.
For this reason, we recommend updating all links on your site from HTTP to HTTPS.
To identify mixed content, you can use the developer tools of the browsers.
Besides that, the following article from Google provides some more advanced techniques to identify mixed content at scale.