Error guide / Mixed Content

Mixed content warning

Mixed content is when the page itself loads over HTTPS, but pulls in some resources over plain HTTP: images, scripts, styles, or fonts. The browser shows an incomplete padlock or a not secure warning, and may block some of those resources outright. Because of that the site often looks broken: styles disappear and scripts stop working.

Check your site

>

What causes it

The site's code is at fault: it still has links to resources using http:// instead of https://. These are often old absolute URLs left in the content, theme, or plugins after the site moved to HTTPS.

How to fix it

  1. Check the page's headers and resources with the tool below to find what loads over HTTP.
  2. Open the browser console (F12): it lists the exact URLs with mixed content.
  3. Replace every http:// link in the code and database with https:// or a protocol-relative (//) link for your own files.
  4. On WordPress, a search-and-replace database plugin or a 'force HTTPS' option makes this easy.
  5. For external resources with no HTTPS, find a replacement or host the file yourself.
  6. Add a 301 redirect from HTTP to HTTPS and an HSTS header so browsers request the secure version right away.

Related errors

Found problems?

Slow hosting, SSL trouble or frequent downtime? Move to TomisHost: fast hosting with free SSL, daily backups and free migration help.

TomisHost hosting