1.6 HTTPS / security / infrastructureHighVerified

Mixed content warnings

A secure page that pulls in an insecure script, image or stylesheet triggers mixed-content warnings and can have those resources blocked. The padlock means nothing if the page loads http subresources.

What it is

Secure page loads insecure subresources.

Why it matters

Resource blocking and weakened security.

How to fix it

Serve all subresources over HTTPS.

How to find it on your site

Open the browser console and look for mixed content warnings.
Search the page source for http:// references in scripts, styles and images.
Update every subresource to https or a protocol-relative path.
Re-test that no insecure requests remain.

Cross-reference to ranking and citation factors

Mixed content undermines the HTTPS trust signal and can break functionality. Clean secure loading protects both security and experience.

Impact

Medium-high. Direct.

Evidence

Eliminate mixed content under HTTPS. Google Search Central, Secure your site with HTTPS

Sources

← HSTS header missing HTTP/2 or HTTP/3 not enabled →