Mixed Content
Mixed content occurs when an HTTPS page loads resources (images, scripts, stylesheets, iframes) over HTTP rather than HTTPS. This creates a security vulnerability because the insecure resources can be intercepted and modified by attackers, undermining the security guarantees of HTTPS. Browsers handle mixed content in two ways: "passive" mixed content (images, audio, video) is typically loaded with a warning, while "active" mixed content (scripts, iframes) is blocked entirely in modern browsers.
Mixed content commonly occurs after an HTTP-to-HTTPS migration when internal links, image `src` attributes, or hardcoded third-party resource URLs still use `http://`. It can also arise from third-party embeds or ad networks that serve resources over HTTP. Resolving it requires updating all insecure resource references to use HTTPS or protocol-relative URLs.
Why it matters for SEO
Mixed content compromises the security benefits of HTTPS and triggers browser warnings that erode user trust. Blocked active mixed content can break page functionality entirely. From an SEO perspective, security and user experience signals — including HTTPS integrity — are factored into Google's Page Experience ranking signals.
Free tools to help with Mixed Content
Ready to put Mixed Content into practice?
LazySEO automates keyword research, content writing, and publishing — so you rank without the manual work.
Try LazySEO for $1