Definition

Mixed content occurs when the initial HTML of a page is fetched over a secure HTTPS connection but the page then requests further resources such as images, video, scripts or stylesheets over an insecure HTTP connection.

Mixed content is split into two classes. Passive mixed content (images, audio, video) typically triggers a console warning but still loads, while active mixed content (scripts, iframes, stylesheets) is blocked outright by modern browsers because it could be used to alter the page. Browsers progressively upgrade or block mixed-content requests, so the symptom users see is usually missing images, broken layouts or a security warning in the address bar.

Examples

• Image hot-linked from HTTP

  A blog post served over HTTPS embeds an image with an `http://` URL. The browser shows a "Not fully secure" warning, the image may be upgraded silently to HTTPS, or it fails to load if the source server doesn't support TLS.

• Third-party script blocked

  An analytics snippet loaded over HTTP on an HTTPS page is blocked by Chrome as active mixed content, leaving the analytics provider with no data for those pageviews.

Sources

• web.dev — What is mixed content?

Related terms

• HTTPS
  Hypertext Transfer Protocol Secure — the encrypted version of HTTP. Google uses HTTPS as a lightweight ranking signal.
• SSL Certificate
  A digital certificate that binds a domain to a public key and lets browsers establish an encrypted HTTPS connection with the server.

Where QueryCatch uses this

• SEO Audit