Google Sites‎ > ‎How To...‎ > ‎

Displaying HTTP content in Google Sites

This article was written specifically about using iframes but applies equally to any content delivered over http: which is accessed via a Google Site

For security reasons in the latest version of most modern browsers, http iframes no longer load in https pages by default.
What this means is that if you have a page delivered by https: containing an iframe that references an http: page, that iframe will appear blank and a 'shield' icon will appear in the browser bar (varies by browser).
This affects 'unmapped' Google Sites because all sites from the domain sites.google.com will always be delivered using https:

There are several workarounds are available:
  • The simplest solution: If possible, change all references to https pages in stead of http.  This does not always work. Not all content is available using https.

  • Map your site
    As noted above, unmapped sites have a domain name starting sites.google.com which will always be delivered using https. However, if you map your site, the mapped version of the site will be delivered over http:
    e.g. There is a http: iframe on this Site whcih can be accessed via

    http://sitesguide.pjrprojects.co.uk/google-sites/how-tos/embed-an-iframe/iframe-example---bbc-news or via

    https://sites.google.com/a/pjrprojects.co.uk/sitesguide/google-sites/how-tos/embed-an-iframe/iframe-example---bbc-news

    If you use the first (mapped) option, you will see the iframe content displayed. If you use the second (unmapped) option, you may not (depending on your browser and its setting - see below)

    To map your site you will need to purchase a domain (and remember to renew your registration regularly!) and follow Steegle's instructions in his FAQ number 3 

    (Note, however, that if you are signed in to edit your Site or required to sign in as a viewer (private Sites), this will force use of the sites.google.com domain which will in turn force use of https)

  • Chrome users can change the behaviour using the shield button in the browser bar. See help article.

  • Although not recommended, Chrome users can also use the command line flag---allow-running-insecure-content to prevent Chrome from checking for insecure content. Instructions on how to add a command line flag can be found on the Chromium site