Definition
Mixed content occurs when an HTTPS page loads resources (images, scripts, CSS, fonts, iframes) via insecure HTTP. Browsers distinguish passive mixed content (images, video, audio) which displays a warning, from active mixed content (scripts, CSS, iframes) which is blocked by default. For SEO, mixed content is problematic: Chrome displays an insecure padlock degrading user trust, blocked resources can break design or functionality, and Google may consider the site as partially insecure. Common causes include hard-coded http:// links in code, CDNs not configured for HTTPS, third-party ads served over HTTP, and user-generated content with HTTP images.
Key Points
- Active mixed content (scripts, CSS) is blocked by default in browsers
- Passive mixed content (images) displays a security warning
- Use protocol-relative URLs (//) or force HTTPS for all resources
Practical Examples
Mixed content audit
After HTTPS migration, an audit with Chrome DevTools reveals 45 mixed content resources: 30 images, 10 third-party scripts, and 5 CSS files. Fixing all HTTP references eliminates the insecure warning.
Blocked active mixed content
An HTTPS site loads a chat script over HTTP. Chrome blocks the script, making the chat non-functional. Switching the script to HTTPS resolves the issue immediately.
Frequently Asked Questions
Use Chrome DevTools (Console and Security panel) for individual pages. For a global scan, Screaming Frog can identify all HTTP resources on HTTPS pages. The Search Console security report also flags issues.
Yes, URLs like //cdn.example.com/image.jpg automatically use the page's protocol (HTTPS if the page is HTTPS). It is a simple solution, but explicitly forcing HTTPS with https:// is preferable.
Go Further with LemmiLink
Discover how LemmiLink can help you put these SEO concepts into practice.
Last updated: 2026-02-07