We mentioned at the end of last that year we’d be transitioning to forced HTTPS for anyone that loads itch.io through a browser or the API. Although HTTPS has been optional since then, today we’ve finally switched over to 100%.
In order to make sure that all pages on itch.io work with as few warnings as possible, and no blocked content, we ran a script over every project page to upgrade any iframe or img tags with http:// URLs that could be upgraded. (Additionally any custom CSS was scanned and upgraded as well)
Since many projects host their images on their own domains which do not support HTTPS, we weren’t able to automatically upgrade those. The browser may show a warning notification on the address bar for these pages. We recommend checking over your game pages for any notices.
When embedding new content on your page we recommend using https:// URLs whenever possible. It’s a requirement for iframe embeds, and highly recommended for images. All common image hosts should support https://, all you need to do is update the URL after you paste it in.
P.S. For added account security we recommend enabling two factor authentication