The webpage is accessed via a secure HTTPS connection, but it harbors elements fetched through an insecure HTTP protocol.
Why is this important?
This occurrence is termed 'mixed content' and occurs when both secure (HTTPS) and non-secure (HTTP) elements are served to form a single page, compromising the integrity of the page's security. Such practice can expose users to man-in-the-middle attacks, compromising confidential data.
What does the Optimization check?
The Optimization activates when an internal HTTPS webpage incorporates any HTTP-linked resources, which can include:
link tags referencing stylesheets
HTML with a manifest attribute
external script files
image sources
images within srcset attributes
iframe embeds
audio files
video elements
sources for video and audio
image inputs
embedded resources
object elements with data attributes
Examples that trigger this Optimization
An example URL: https://example.com/page-a would set off this Optimization if it includes any HTTP resource link:
For a JavaScript file:
<script src="http://httpbin.org/tracker.min.js" type="text/javascript" async></script>
For a CSS file:
<link rel="stylesheet" href="http://httpbin.org/Assets/Css/below-fold.css?v=17">
For an image:
<img src="http://httpbin.org/image">
How do you resolve this issue?
This Optimization is designated 'Critical' due to the severity of the impact it can have on your site's search traffic and user trust. It is imperative to address such vulnerabilities with urgency.
Resources on your pages should be loaded using only HTTPS URLs. For any HTTP resource links, update them to their secure HTTPS versions.
If the resources are not available over HTTPS, you can:
Source the content from an alternative provider offering HTTPS.
Host the material on your own domain after ensuring it complies with copyright law.
Omit the inclusion of the specific resource on your website.