We respect your privacy.

We use strictly necessary cookies to keep you signed in and to protect against CSRF. With your permission we also use a small amount of first-party analytics to improve the product. We do not sell your data and we do not use third-party advertising trackers. See our cookie policy and privacy policy .

← All learn topics

Rule page.security.mixed-content

Replace http:// resources with https://

page.security.mixed-content is a check in Crawlmind's site audit that grades medium-impact issues of this kind. This page explains why the rule matters and the exact fix.

Impact: mediumEffort: lowFixable: 1-click

Why it matters

An HTTPS page that loads scripts, images, or stylesheets over plain HTTP is "mixed content". Modern browsers block the insecure subresources outright (active content) or warn-then-load them (passive content). Search engines treat the page as less secure, AI assistants downgrade citation confidence, and the lock icon in the address bar disappears.

The fix

```html
<!-- Wrong -->
<script src="http://cdn.example.com/lib.js"></script>
<img src="http://example.com/photo.jpg" />

<!-- Right: explicit https -->
<script src="https://cdn.example.com/lib.js"></script>
<img src="https://example.com/photo.jpg" />

<!-- Or protocol-relative (inherits page scheme) -->
<img src="//example.com/photo.jpg" />
```

Audit with Chrome DevTools → Security tab: it lists every mixed-content subresource on the current page.

References