Loadingβ¦
Make every resource load over HTTPS so the browser shows a secure padlock.
Mixed content happens when an HTTPS page loads images, scripts or styles over insecure HTTP. Browsers block or warn about it, breaking the padlock and sometimes the page. It defeats the purpose of having HTTPS.
http:// resource on the page.https:// (or protocol-relative). Re-upload any assets only available over HTTP.upgrade-insecure-requests so browsers auto-upgrade subresource requests.<img src="http://example.com/logo.png"> <!-- blocked on https page --><img src="https://example.com/logo.png">
<!-- header: Content-Security-Policy: upgrade-insecure-requests -->"Really Simple SSL" rewrites insecure URLs automatically; for hardcoded ones, run a search-replace on the database.
Use https:// (or relative) asset URLs; next/image requires configured https domains.
Run a free audit and get a prioritized fix list with auto-generated code.
Run a free audit