You Paid for SSL. You Set Up HTTPS. You Still Have a Security Warning.
Mixed content happens when an HTTPS page loads resources (images, scripts, stylesheets) over HTTP.
The page is technically HTTPS, but the insecure resources break the security chain. Browsers may block these resources or show a "not fully secure" warning.
Why It Matters for SEO
Google favors HTTPS. But mixed content undermines the security signal. If browsers are blocking your images or showing warnings, your user experience suffers. And Google notices user experience issues — it is part of the broader page experience signals that affect rankings.
How to Find Mixed Content
Open your site in Chrome. Open DevTools (F12). Check the Console tab for mixed content warnings. They will list every HTTP resource loaded on the page.
Or use a crawler like Screaming Frog to scan your entire site for HTTP references in the HTML source.
The Fix
Update all resource URLs to HTTPS. Images, scripts, fonts, iframes — everything. Use protocol-relative URLs (`//example.com/image.jpg`) or absolute HTTPS URLs.
Search your database and templates for `http://` references. Replace them with `https://`. If you have not migrated to HTTPS yet, read our HTTPS migration checklist first. Not sure which SSL certificate to get? Spoiler: the free one is fine.
Quick fix. Big impact on trust signals. Part of our 113-task checklist. Free. No credit card.