Eliminating Mixed Content Warnings with Amazon Associates

Mixed-ContentOnce I enabled SSL for tidgubi.com for free, I realized that most Amazon.com content is plain HTTP, so it was causing Google Chrome to give me mixed content (encrypted page with some unencrypted elements) warning messages:

Two as I dug into the HTML, I found that the Amazon Banner Ads, Widgets, and Payments Button were the cause of the mixed content warnings.

Banner Ads and Widgets

All of the Amazon Associates banner ads and widgets can be loaded over HTTPS; however, the banners any widget that displays product images load these images over HTTP. I couldn’t figure out a way to force the widget/javascript based ads to use HTTPS for images, but I was able to find a little trick to get the iframe based ads to use HTTPS. To do this, simply add &internal=1 to the end of the URL in the iframe’s src attribute and removed http: from the beginning of the URL. Removing http: tells the browser to use the same type of connection that was used to load the page, so these links automatically switch between HTTP and HTTPS. For example my "Kindle Banner" is <iframe src="//rcm-na.amazon-adsystem.com/e/cm?t=tidgubi-20&o=1&p=48&l=ur1&category=kindlerotating&f=ifr&internal=1" width="728" height="90" scrolling="no" border="0" marginwidth="0" style="border:none;" frameborder="0">

Warning: "internal=1" is used in Amazon’s example banners, so while it doesn’t strip associate IDs from links, it might cause these clicks not to count.

Donate/Pay Button

There are two easy fixes for the Donate/Pay button image.

The first option is to download the image and host it on from your webserver. For me the donate image is now at www.tidgubi.com/wp-content/themes/tidgubi/img/golden_small_donate_withmsg_whitebg.gif.

The second option is to link to Amazon’s SSL image server. To do this, just replace http://g-ecx.images-amazon.com with https://images-na.ssl-images-amazon.com. Since Amazon uses a different domain name for HTTP and HTTPS, there aren’t any tricks with HTML to switch how the image is loaded. If you always use HTTPS, it will make the page marginally slower since it needs to establish an HTTPS connection to ssl-images-amazon.com each time. If a page dynamically generates this HTML, you can dynamically pick the imager server based on the protocol used to load the main webpage.

9 thoughts on “Eliminating Mixed Content Warnings with Amazon Associates

  1. Jack

    Very helpful. Just saved me a lot of time, and I already went through as much of the Amazon Associates help documentation as I would like to admit.


  2. Chad (@n00ge)

    Thanks for the post! Have you been able to confirm if adding &internal=1 will cause clicks not to count? Do you still use this workaround?

    1. Kenji Yoshino Post author

      Hi Chad, I have not been able to determine whether adding &internal=1 affects tracking. I still use it. Since Amazon has probably added new ad types, I’ll revisit this topic soon.

  3. Richard Silverstein

    This doesn’t work for my Amazon store widget which I’m trying to display on an SSL site using Amazon Associates code.

    1. Kenji Yoshino Post author

      What type of ad unit are you having problems with? I didn’t see a mixed content warning when running a quick check on the standard link, banner, and native shopping ads.

Comments are closed.