Back to Journal/Guide

og:image HTTP vs HTTPS: Why Insecure Links Break Previews

Insecure image links can destroy your click-through rate. Understand why platforms reject HTTP image tags and how to ensure your preview cards render flawlessly.

LT
LinkPeek TeamSecurity & QA
June 19, 2026ยท6 min read

The Silent Protocol Killer

You have configured all your Open Graph tags, verified the image file size is under the limit, and confirmed that your robots.txt allows bot traffic. Yet, when you share your link on WhatsApp or LinkedIn, the preview image remains blank.

The culprit is often a single letter in your image URL protocol: HTTP instead of HTTPS.

In 2026, social media platforms are aggressively enforcing user security. Serving insecure media assets in social shares is no longer accepted, and most crawlers will silently drop your image if it is served over an unencrypted connection.

Why Platforms Reject HTTP Social Images

When a user clicks a link preview on a secure platform (like WhatsApp or Slack), they expect a safe, encrypted transition. If the platform renders an image served over HTTP inside its secure mobile app interface, it triggers a mixed-content warning.

To maintain their security standards, WhatsApp, LinkedIn, X, and Facebook crawlers reject insecure asset connections:

  • WhatsApp: Silently drops any og:image that does not use a secure HTTPS protocol.
  • LinkedIn: Fails to load insecure images due to strict SSL handshakes on its CDN proxy.
  • Facebook: Flags insecure images in its debugger, warning that they will fail to load for users.

Visual Branding Impact of Insecure Cards

A broken preview card does not just hurt your traffic; it damages your brand credibility. When an image fails to load, the layout shifts, leaving a large, empty gray box that looks broken and untrustworthy to users.

Raw tag checkers might show you that og:image is populated, but they will not show you the visual impact of an empty, broken image box. LinkPeek's layout checker immediately simulates these connection failures and triggers a critical warning, allowing you to fix protocol mismatches before your users see a broken link card.

How to Secure Your Open Graph Assets

To guarantee that your preview images render flawlessly, ensure that:

  • Your domain has a valid SSL certificate.
  • Your og:image URL starts with https://.
  • Your server redirects all HTTP traffic to HTTPS.
html
<!-- โŒ Insecure HTTP URL (will fail on WhatsApp and LinkedIn) -->
<meta property="og:image" content="http://example.com/share-image.jpg" />

<!-- โœ… Secure HTTPS URL (universal compatibility) -->
<meta property="og:image" content="https://example.com/share-image.jpg" />

FAQ: Insecure OG Images

Q: Can I use an HTTP page URL if my image uses HTTPS?

A: While the image will render, it is best practice to secure both the page URL and the image URL to prevent security warnings.

Q: Why does my HTTP image show up in Slack but not in WhatsApp?

A: Slackbot runs in a more permissive server environment, whereas WhatsApp generates previews directly on the sender's device, which enforces strict mobile security settings.

Q: How can I check if my certificate is causing issues?

A: Run your URL through LinkPeek. It checks the SSL handshake of the image server and flags expired or self-signed certificates that block crawlers.

#og image https required#insecure og:image#http vs https link preview#social card mixed content#broken og image secure connection
Continue Reading
๐Ÿ’ฌTroubleshooting

WhatsApp Link Preview Not Working? Complete Fix Guide (2026)

8 min read
๐Ÿ“Reference

OG Image Size Guide 2026: Every Platform's Requirements

10 min read