Start Exploring Keyword Ideas

Use Serpstat to find the best keywords for your website

9927 48
How-to 6 min read September 20, 2019

What is mixed content and how to remove it from HTTPS-protected sites

Mixed content occurs when insecure elements are loaded over HTTP protocol to an SSL-protected page. An HTTPS page that contains any HTTP links is attackable which may influence SEO in a negative way.

What is mixed content on an HTTPS site

While applying HTTPS, it is essential to ensure only secure content on your site. Thus, all internal and external links to pictures, scripts, or other pages should be implemented relatively or over HTTPS protocol. It is recommended to apply links in a proportional form.

HTTPS pages are encrypted with TLS and protected from data theft. Mixed content makes your site fragile; it can undergo code altering if attacked. Subsequently, the connection fails to be secure.

In case an HTTPS page contains a link starting with http://, search systems identify it as "mixed content error" that degrades SEO.

According to W3C specification, browsers report warnings about pages with mixed content:
A warning about unsafe content in the browser
This error can be screened in Mozilla developer tools or in JavaScript console in Google Chrome tools.

Error warning in Chrome:
Mixed content warning in Google Chrome
Error warning in Mozilla:
Mixed content warning in Mozilla Firefox

Mixed content types

There are two groups of mixed content, passive and active.
Passive mixed content includes generally accessible elements that do not allow obtaining any kind of confidential or financial data when hacked.

Stealing such data via an insecure protocol cannot bring financial gains to fraudsters. All they can succeed to do is garbling your site by changing this content.

Passive mixed content includes pictures, audio files, video materials, and other elements that intruders may replace with hard-hitting files, thus disrupting the resource's normal course of work.
Active mixed content includes scripts and frames that can seriously harm the site and its users if stolen. Src attributes of <script> and <iframe> tags are the foremost elements that refer to this type of content. Other endangered features are:

  • href attribute of <link> tag;
  • data attribute of <object> tag;
  • URL parameter in CSS styles;
  • XTMLHttpRequest including its queries.

In theory, this kind of mixed content may allow hackers to seize personal data, passwords, bank card numbers, etc. Even if users type in confidential information on a secure page, fraudsters can use scripts to arrange redirection to an unsafe resource where this important data will be stolen.

It is strongly recommended to avoid entering plastic card data if you have the slightest doubt about the site security.

Detecting and preventing insecure content on HTTPS pages

Using browser developer tools to check a big resource that contains a large number of pages is very hard work. In order to automate and simplify this process, you can use "Site audit" module by Serpstat. Open "HTTPS Certificate" section of the summary report:
HTTPS sertificate errors in Serpstat's site audit tool
The report points out the errors related to mixed content. Let us examine the provided example in detail.
Invalid links from HTTPS to HTTP pages.

This error may be corrected by changing HTTP to HTTPS in internal links on the indicated pages.
HTTPS pages link to insecure HTTP pages
Use of HSTS support.

This error type is attributed to web server peculiarities. To dismiss the error, you need to address hosting provider service to learn if it approves of using HSTS. The algorithm enables automatic transfer to the secure protocol even if a user starts entering a link with http://.
Using HSTS support on the site
Insecure elements on the page.

If this type of error was reported, inspect the identified pages for any links starting with http:// and replace them with https://. In case these links transfer users to HTTP pages, you should download only the necessary information from such resources.

For example, it is better to upload required pictures or scripts to your own site instead of using links that lead to insecure sites. The next step is to replace the undesirable links to relevant ones or enable HTTPS protocol.
Mixed content on the site
In addition, by using Serpstat report, you can find the insecure links included to the sitemap and find out if your project still contains any HTTP pages.
Besides, the site can be checked by any scanning program like SEO Frog which may also provide a total list of links with http and https applied in your site.


Mixed content undermines site appearance and SEO; for this reason, it should be timely detected and removed. It contributes to SEO, helps to dismiss browser warnings, and ensures user security.

All browsers are obliged to inform users in case a site contains insecure elements; potential visitors may prefer a competitor site that provides safe content.

You can turn to developer tools to detect the problems manually; however, it may take very much time. A quicker way to get detailed data concerning the incorrect use of HTTPS is using Serpstat.

A resource should be scanned for insecure links shortly after the site was created or protected by https.

In order to deal with errors, you should replace the links with https:// variant or upload required files directly to your server after downloading necessary information from other sites and then use relative links.
This article is a part of Serpstat's "Site Audit" tool
SEO Audit in Serpstat" title = "What is mixed content and how to remove it 16261788339478" />
Audit all the site or page in one click. A complete list of errors, sorted by severity, ways to resolve them and recommendations. Any frequency of verification and automatic email reports.
Run Site Audit

Speed up your search marketing growth with Serpstat!

Keyword and backlink opportunities, competitors' online strategy, daily rankings and SEO-related issues.

A pack of tools for reducing your time on SEO tasks.

Get free 7-day trial

Rate the article on a five-point scale

The article has already been rated by 1 people on average 4 out of 5
Found an error? Select it and press Ctrl + Enter to tell us

Discover More SEO Tools

Tools for Keywords

Keywords Research Tools – uncover untapped potential in your niche

Serpstat Features

SERP SEO Tool – the ultimate solution for website optimization

Keyword Difficulty Tool

Stay ahead of the competition and dominate your niche with our keywords difficulty tool

Check Page for SEO

On-page SEO checker – identify technical issues, optimize and drive more traffic to your website

Share this article with your friends

Are you sure?

Introducing Serpstat

Find out about the main features of the service in a convenient way for you!

Please send a request, and our specialist will offer you education options: a personal demonstration, a trial period, or materials for self-study and increasing expertise — everything for a comfortable start to work with Serpstat.




We are glad of your comment
I agree to Serpstat`s Privacy Policy.

Thank you, we have saved your new mailing settings.

Report a bug

Open support chat
mail pocket flipboard Messenger telegramm