Free Webinar: Website Migrations & Redirect Mapping Dos & Don’ts Sign up now!

Free Trial

Dealing with Security issues?

Crawl your website with Sitebulb for 300+ tech SEO checks

Try for Free
Latest Version v8.8

Security Hints

Critical This Hint requires immediate attention, as the issue may have a serious impact upon crawling, indexing or ranking. Issue This Hint represents an error or problem that needs to be fixed.

Mixed content (loads HTTP resources on HTTPS URL)

This means that the URL in question is loaded over a secure HTTPS protocol, but some other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection.

Why is this important?

This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Mixed content degrades the security and user experience of your HTTPS site.

Requesting subresources using the insecure HTTP protocol weakens the security of the entire page, as these requests are vulnerable to man-in-the-middle attacks, where an attacker eavesdrops on a network connection and views or modifies the communication between two parties. Using these resources, an attacker can often take complete control over the page, not just the compromised resource.

What does the Hint check?

This Hint will trigger for any internal HTTPS URL which includes resource links to any HTTP URL, where 'resource links' are considered to be anything that renders a URI;

  • link[rel='stylesheet']
  • html[manifest]
  • script[src]
  • img[src]
  • img[srcset]
  • iframe[src]
  • audio[src]
  • video[src]
  • source[src]
  • input[type='image'][src]
  • embed[src]
  • object[data]

Examples that trigger this Hint

Consider the URL: https://example.com/page-a

The Hint would trigger for this URL if it contained even a single resource link to an internal HTTP URL. Any of the options below would trigger it:

JavaScript resource link is HTTP:

<script src='http://httpbin.org/tracker.min.js' type='text/javascript' async='async'></script>

CSS resource link is HTTP:

<link rel='stylesheet' href='http://httpbin.org/Assets/Css/below-fold.css?v=17'>

Image resource src is HTTP:

<img src='http://httpbin.org/image' />

How do you resolve this issue?

This Hint is marked 'Critical' as it represents a fundamentally breaking issue, which may have a serious adverse impact upon organic search traffic. It is strongly recommended that Critical issues are dealt with as a matter of high priority.

You need to only use https:// URLs when loading resources on your page. For each URL that loads HTTP resources, update the link references to point to the HTTPS counterparts.

In some cases, you may find that the resources in question are not available over HTTPS, in which case seek to do one of the following:

  • Include the resource from a different host, if one is available.
  • Download and host the content on your site directly, if you are legally allowed to do so.
  • Exclude the resource from your site altogether.

Further reading

Security in Sitebulb

Learn more about Sitebulb's website security audit

Sitebulb Desktop

Find, fix and communicate technical issues with easy visuals, in-depth insights, & prioritized recommendations across 300+ SEO issues.

  • Ideal for SEO professionals, consultants & marketing agencies.

Try our fully featured 14 day trial. No credit card required.

Try Sitebulb for free

Sitebulb Cloud

Get all the capability of Sitebulb Desktop, accessible via your web browser. Crawl at scale without project, crawl credit, or machine limits.

  • Perfect for collaboration, remote teams & extreme scale.

If you’re using another cloud crawler, you will definitely save money with Sitebulb.

Explore Sitebulb Cloud