(14 votes, average: 4.86 out of 5, rated)
If you’re coming across mixed content warnings, you must be wondering why you’re seeing them. After all you’ve already migrated your site to HTTPS using an SSL/TLS certificate. This is very frustrating, and you want to fix these mixed content warnings ASAP. We get it; we totally get it. That’s why we’ve come up with solutions in these blogs. But before you pounce on the solutions, you must understand what a mixed content warning is and what it means.
Let’s get started.
When browsers come across HTTPS-enabled websites, they expect them to be fully secured. If they don’t find them entirely secure, they warn the users in the form of mixed content warnings. What we mean by this is that when some parts of your website are delivered over HTTPS and some over HTTP, the browsers regard it as “mixed content” and subsequently, display mixed content warnings.
When it comes to mixed content, there are two main types of mixed content that you need to consider. The first one is Mixed Active Content (Mixed Scripting), and the second one is Mixed Passive Content (Mixed Display Content). When it comes to mixed active content, a script is loaded through insecure HTTP. The browsers block such content completely. On the other hand, mixed passive content consists of images, audio files, videos, etc. Such content isn’t deemed too dangerous by browsers, and therefore, they display warnings instead of blocking entire content.
We hope this has got you clear with the idea of mixed content. Now the next step is finding said mixed content. Because let’s face it, how can you fix it when you can’t find it? So, let’s find it.
There are many ways you can go about this. Let’s talk about the first one. Open up any page in a browser and view its source code. Now search for src=http and identify every resource that is being served over HTTP. This is the best method we can suggest. You can also detect mixed content by peeking through the console of your browser. But if you don’t have that much time (feeling lazy in other words), you should head to https://comodosslstore.com/ssltools/why-no-padlock.php and enter your domain there. This tool is automatic and scans for insecure links and resources. Although it’s a pretty accurate tool, sometimes, it might miss something.
It’s pretty apparent that you need to cover your entire website under the umbrella of HTTPS or SSL. To do so, you’ll have to serve the insecure content over HTTPS. In other words, you’ll have to make sure that the URLs of your sources have HTTPS in front of them. This can be done by using the HTTPS version of your URL.
You can do this only if you have the URL under your control though. What if there’s an external URL that doesn’t support HTTPS? If that’s the case, you’ve got two options left. You can contact the site administrator and ask him/her to make the URL available over HTTPS. And if he/she doesn’t do it for whatever reason, there’s no option but to remove that resource form your website.
Of course, the above two options will work for any environment. But if you have a WordPress site, you don’t need to go through the troubles as there’s a plugin that’ll do the job for you. You need to download the SSL Insecure Content Fixer. This plugin is pretty straightforward and makes your job much more manageable.
Insecure warnings by browsers leave a bad impression in a viewer’s mind and consequently, a major dent in your reputation. This can be avoided pretty easily. We hope this blog has helped you get rid of mixed content warnings.