The webpage is accessed via a secure HTTPS connection, but it harbors elements fetched through an insecure HTTP protocol.
Why is this important?
This occurrence is termed 'mixed content' and occurs when both secure (HTTPS) and non-secure (HTTP) elements are served to form a single page, compromising the integrity of the page's security. Such practice can expose users to man-in-the-middle attacks, compromising confidential data.
What does the Optimization check?
The Optimization activates when an internal HTTPS webpage incorporates any HTTP-linked resources, which can include:
link tags referencing stylesheets
HTML with a manifest attribute
external script files
images within srcset attributes
sources for video and audio
object elements with data attributes
Examples that trigger this Optimization
An example URL: https://example.com/page-a would set off this Optimization if it includes any HTTP resource link:
For a CSS file:
<link rel="stylesheet" href="http://httpbin.org/Assets/Css/below-fold.css?v=17">
For an image:
How do you resolve this issue?
This Optimization is designated 'Critical' due to the severity of the impact it can have on your site's search traffic and user trust. It is imperative to address such vulnerabilities with urgency.
Resources on your pages should be loaded using only HTTPS URLs. For any HTTP resource links, update them to their secure HTTPS versions.
If the resources are not available over HTTPS, you can:
Source the content from an alternative provider offering HTTPS.
Host the material on your own domain after ensuring it complies with copyright law.
Omit the inclusion of the specific resource on your website.