top of page
  • Writer's pictureBrent Payne

Mixed content (loads HTTP resources on HTTPS URL)

The webpage is accessed via a secure HTTPS connection, but it harbors elements fetched through an insecure HTTP protocol.


Why is this important?

This occurrence is termed 'mixed content' and occurs when both secure (HTTPS) and non-secure (HTTP) elements are served to form a single page, compromising the integrity of the page's security. Such practice can expose users to man-in-the-middle attacks, compromising confidential data.


What does the Optimization check?

The Optimization activates when an internal HTTPS webpage incorporates any HTTP-linked resources, which can include:

  • link tags referencing stylesheets

  • HTML with a manifest attribute

  • external script files

  • image sources

  • images within srcset attributes

  • iframe embeds

  • audio files

  • video elements

  • sources for video and audio

  • image inputs

  • embedded resources

  • object elements with data attributes

Examples that trigger this Optimization

An example URL: https://example.com/page-a would set off this Optimization if it includes any HTTP resource link:

For a JavaScript file:

<script src="http://httpbin.org/tracker.min.js" type="text/javascript" async></script>


For a CSS file:


For an image:


How do you resolve this issue?

This Optimization is designated 'Critical' due to the severity of the impact it can have on your site's search traffic and user trust. It is imperative to address such vulnerabilities with urgency.


Resources on your pages should be loaded using only HTTPS URLs. For any HTTP resource links, update them to their secure HTTPS versions.


If the resources are not available over HTTPS, you can:

  • Source the content from an alternative provider offering HTTPS.

  • Host the material on your own domain after ensuring it complies with copyright law.

  • Omit the inclusion of the specific resource on your website.

Further reading

3 views

Recent Posts

See All

ClubReq Gets A Link (Because They Asked)

I am a mentor for Techstars and have been for over 10 years. In those ten years I have mentioned to startups to ask ANYONE and everyone that they meet to link to their site. Yet, in all those times on

Comments


bottom of page