How to Fix Insecure Form Actions (HTTP on HTTPS Pages)
The Problem
Your HTTPS page contains a form that submits data to an HTTP URL. This means customer data (email addresses, search queries, or even payment info) is sent unencrypted over the internet. Browsers flag this as a security risk and may block the form submission entirely.
Why It Matters for SEO
Insecure form actions are a serious security and trust issue. Customers expect their data to be encrypted when they see the padlock icon. An insecure form breaks that trust and can trigger browser security warnings. Google also penalizes mixed content, which includes insecure form actions.
How to Fix It
1. Search your theme code for 'http://' in form action attributes.
2. Go to Online Store → Themes → Edit Code.
3. Use the search feature to find all <form> tags with action attributes.
4. Replace any http:// URLs with https:// URLs.
5. For dynamic forms, ensure you're using the {{ shop.secure_url }} Liquid variable.
<!-- BAD: -->
<form action="http://yourstore.com/search">
<!-- GOOD: -->
<form action="{{ routes.search_url }}">
<!-- Or for custom forms: -->
<form action="https://yourstore.com/contact">
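
The search in the steps above can also be run against a downloaded copy of the theme files. The following Python script is an added example, not part of the original guide; the function names, SUBMIT_ATTRS and the sample markup are constructed for illustration. It goes slightly beyond the steps by also checking formaction attributes on buttons and inputs, which override a form's action.

```python
from html.parser import HTMLParser
from pathlib import Path

# <form action> plus the formaction override on <button>/<input> (beyond the guide's steps).
SUBMIT_ATTRS = {"form": "action", "button": "formaction", "input": "formaction"}

# Constructed sample theme markup, for illustration only.
SAMPLE = """\
<form action="http://yourstore.com/search"></form>
<form action="{{ routes.search_url }}" method="get">
  <button formaction="HTTP://yourstore.com/contact">Send</button>
</form>
<form action="https://yourstore.com/contact"></form>
<a href="http://yourstore.com/about">About</a>
"""

class FormActionAuditor(HTMLParser):
    """Records (line, tag, attribute, url) for plain-HTTP submission targets."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = SUBMIT_ATTRS.get(tag)
        for name, value in attrs:
            # Case-insensitive scheme match; Liquid output, // and https:// pass.
            if name == wanted and value and value.strip().lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, name, value.strip()))

def audit_source(source):
    """Return the insecure submission targets found in one template string."""
    auditor = FormActionAuditor()
    auditor.feed(source)
    auditor.close()
    return auditor.findings

def audit_theme_dir(root):
    """Audit every .liquid/.html file under root; returns {path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in {".liquid", ".html"}:
            hits = audit_source(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    for line, tag, attr, url in audit_source(SAMPLE):
        print(f"line {line}: <{tag} {attr}> -> {url}")
```

Actions built from Liquid output are not resolved by this static check, so they still need the manual review described in step 5.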