What mixed content is and why the browser warns 'not secure'

In short

Mixed content is when a page is open over secure https but loads some of its resources (images, scripts, styles) over insecure http. The browser treats such a page as only partly secure.

Why it is risky

The browser shows a 'not secure' warning or a padlock with an exclamation mark - trust in the site drops for no good reason. Active mixed content (scripts over http) is simply blocked by modern browsers, and part of the page can stop working.

Where it comes from

The site moved to https but old http links to resources stayed in the code. An external script or font was added over http. Images in articles were inserted with an http address. One such resource is enough for the browser to flag the whole page.

Common mistakes

Images and scripts inserted with http:// on an https site
External widgets and fonts loaded over http
After moving to https, resource links in the code were not updated

Check how this looks on your site

A free 30-second audit shows whether everything is fine on your site.

Check your site for free

FAQ

Does it affect rankings?

Directly, only mildly; indirectly, a lot: a 'not secure' warning scares people off and blocked scripts break the page. Both hurt user-behavior signals and trust.

How do I find mixed content?

The free SEO Nerve audit checks whether your https page loads any resources over http and shows you exactly which ones.

Check your site on SEO Nerve →