Fixing mixed content

Supporting HTTPS for your website is an important step to protecting your site and your users from attack, but mixed content can render that protection useless. Increasingly insecure mixed content will be blocked by browsers, as explained in What is mixed content?

In this guide we will demonstrate techniques and tools for fixing existing mixed content issues and preventing new ones from happening.

Finding mixed content by visiting your site

When visiting an HTTPS page in Google Chrome, the browser alerts you to mixed content as errors and warnings in the JavaScript console.

In What is mixed content?, you can find a number of examples and see how the problems are reported in Chrome DevTools.

The example of passive mixed content will give the following warnings. If the browser is able to find the content at an https URL it automatically upgrades it, then shows a message.