Rule page.security.mixed-content
Replace http:// resources with https://
page.security.mixed-content is a check in Crawlmind's site audit that grades medium-impact issues of this kind. This page explains why the rule matters and the exact fix.
Why it matters
An HTTPS page that loads scripts, images, or stylesheets over plain HTTP is "mixed content". Modern browsers block the insecure subresources outright (active content) or warn-then-load them (passive content). Search engines treat the page as less secure, AI assistants downgrade citation confidence, and the lock icon in the address bar disappears.
The fix
```html
<!-- Wrong -->
<script src="http://cdn.example.com/lib.js"></script>
<img src="http://example.com/photo.jpg" />
<!-- Right: explicit https -->
<script src="https://cdn.example.com/lib.js"></script>
<img src="https://example.com/photo.jpg" />
<!-- Or protocol-relative (inherits page scheme) -->
<img src="//example.com/photo.jpg" />
```
Audit with Chrome DevTools → Security tab: it lists every mixed-content subresource on the current page.