Why Is My Squarespace Site Showing as Not Secure?

When your Squarespace site shows as "Not Secure," it means the connection between your website and its visitors is not encrypted via HTTPS (HyperText Transfer Protocol Secure). This can be concerning for site owners and visitors alike. Here are detailed reasons why this might be happening and steps to resolve it:

Reasons for the Security Issue:

1. SSL Certificate Not Activated:

  • Secure Sockets Layer (SSL) certificates are essential for HTTPS. If the SSL certificate is not activated or correctly installed, your site will show as "Not Secure."

2. Domain Not Fully Forwarding to HTTPS:

  • Even if SSL is active, your domain may still be accessible via HTTP, which could cause some pages to show as "Not Secure."

3. Mixed Content:

  • Pages with mixed content, meaning both HTTP and HTTPS content, can trigger a "Not Secure" warning. This often occurs if some resources, like images, scripts, or stylesheets, are linked using HTTP.

4. Pending DNS Propagation:

  • Changes to DNS settings, such as a new SSL certificate, can take time to propagate throughout the internet. During this period, your site might temporarily be flagged as not secure.

5. Third-Party Code:

  • If you have embedded third-party services or widgets (e.g., payment gateways, social media feeds) that do not support HTTPS, these elements can compromise your site's security.

Steps to Resolve the Issue:

1. Enable SSL in Squarespace:

  • Navigate to: Home Menu > Settings > Advanced > SSL.
  • Check if "Secure (Preferred)" or "HSTS Secure" is selected.
  • If it's not enabled, switch it to "Secure (Preferred)" and Squarespace will issue an SSL certificate automatically.

2. Force HTTPS:

  • Navigate to: Home Menu > Settings > Domains.
  • Select your domain and ensure that the “Enforce HTTPS” slider is toggled on. This will ensure all traffic is redirected to HTTPS.

3. Review and Update Content:

  • Identify mixed content: Use browser developer tools (Console tab) or online tools to find mixed content warnings.
  • Replace HTTP URLs: Update URLs for all internal and external resources to HTTPS in your content.

4. Allow Time for DNS Propagation:

  • If you recently enabled SSL or made changes to your DNS settings, wait up to 72 hours for the DNS propagation to complete.

5. Check Third-Party Resources:

  • Verify that all third-party services or code support HTTPS.
  • Update any HTTP links to embedded content or external services to HTTPS wherever the service supports it.
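
The mixed-content check from steps 3 and 5, as an added example that is not part of the original article or Squarespace's own tooling: a Python scan of a saved copy of a page's HTML for subresources still requested over http://. The sample markup, the hostnames and the names `find_mixed_content` and `MixedContentFinder` are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> attributes that trigger a subresource fetch (<a href> is navigation, so absent).
FETCHING_ATTRS = {
    "script": ["src"], "iframe": ["src"], "embed": ["src"], "object": ["data"],
    "link": ["href"], "img": ["src", "srcset"], "source": ["src", "srcset"],
    "audio": ["src"], "video": ["src", "poster"],
}
# Browsers block active mixed content; passive content may be upgraded or only warned about.
ACTIVE = {"script", "iframe", "embed", "object", "link"}

# Constructed sample page; every hostname is a placeholder.
SAMPLE = """<html><head>
<link rel="canonical" href="http://example.com/">
<link rel="stylesheet" href="http://fonts.example.net/a.css">
<script src="https://cdn.example.net/app.js"></script>
</head><body>
<a href="http://example.org/">old link</a>
<img src="http://images.example.net/hero.jpg" srcset="//images.example.net/hero-2x.jpg 2x">
<iframe src="http://widgets.example.net/feed"></iframe>
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url, kind)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Only stylesheet links load page content; rel=canonical and similar do not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        for name in FETCHING_ATTRS.get(tag, []):
            value = attrs.get(name) or ""
            # srcset holds comma-separated "url descriptor" candidates.
            for part in (value.split(",") if name == "srcset" else [value]):
                url = (part.split() or [""])[0]
                if url.lower().startswith("http://"):
                    kind = "active" if tag in ACTIVE else "passive"
                    self.findings.append((self.getpos()[0], tag, name, url, kind))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    print(*find_mixed_content(SAMPLE), sep="\n")
```

Each finding gives the line of the offending tag, so the URL can be corrected in the relevant content or code block. Protocol-relative (`//host/...`) and `https://` references are not reported because they load over HTTPS on an HTTPS page.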

Additional Considerations:

  • Custom Code Blocks: If you've added custom code (HTML, CSS, JavaScript), ensure it references HTTPS endpoints.
  • Technological Compatibility: Ensure that the browsers you and your visitors use are modern and support HTTPS. Most will, but it can be worth checking if a visitor reports issues.
  • Security Badges: Consider adding trust badges or certificates visibly on your site to reassure visitors once you resolve the security issues.

Limitations:

  • Third-Party Content: Despite your best efforts, certain third-party content might still only be available over HTTP. Consider whether this content is critical to your site.
  • Waiting Period: DNS propagation cannot be sped up significantly. Patience is required.
  • Platform Restrictions: Occasionally, platform-specific limitations within Squarespace might require discussion with their support team for advanced issues.

By following these steps and considering the provided tips, you should be able to resolve security warnings and ensure that your Squarespace site is secure for your visitors.