Secure Pages Include Mixed Content

ID

secure_pages_include_mixed_content

Severity

low

Kind

Security Misconfiguration

CWE

311

Description

The page is served over HTTPS but loads one or more subresources (scripts, stylesheets, frames, images or media) over plain HTTP. This detector reports each such resource. Active content (scripts, stylesheets, frames, objects) is the more serious case because it executes with the page's origin and can take over the page; passive content (images, audio, video) can only be observed or replaced, but still leaks browsing activity and breaks the integrity guarantee the lock icon promises.
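The following is an added example of the detection logic described above, not code from the original scanner. It parses a page with the standard-library HTML parser, resolves every subresource URL against the page URL (honouring a `<base>` element and protocol-relative `//` URLs), and reports those whose resolved scheme is `http`, classified as active or passive. The sample page and host names are constructed for the example.

```python
"""Mixed-content detector for a page delivered over HTTPS (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> (attribute that fetches a subresource, how the browser treats it).
# Active content runs or renders in the page's origin; passive content is
# only displayed. Navigation links (<a href>) are not subresources and are
# deliberately not listed.
SUBRESOURCES = {
    "script": ("src", "active"),
    "link": ("href", "active"),     # only rel="stylesheet" is fetched as content
    "iframe": ("src", "active"),
    "object": ("data", "active"),
    "embed": ("src", "active"),
    "img": ("src", "passive"),
    "audio": ("src", "passive"),
    "video": ("src", "passive"),
    "source": ("src", "passive"),
}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser already lowercases tag and attribute names
        # <base href> changes how every later relative URL resolves, so an
        # http:// base silently turns all relative references into mixed content.
        if tag == "base" and attrs.get("href"):
            self.base_url = urljoin(self.base_url, attrs["href"])
            return
        if tag not in SUBRESOURCES:
            return
        attr, kind = SUBRESOURCES[tag]
        if tag == "link":
            rel = (attrs.get("rel") or "").lower().split()
            if "stylesheet" not in rel:
                return  # e.g. rel="canonical" is metadata, not a fetched asset
        raw = (attrs.get(attr) or "").strip()
        if not raw:
            return
        # urljoin turns "/x.css" and "//cdn/x.js" into https URLs on an https
        # page; only an explicit http scheme (any letter case) is a finding.
        resolved = urljoin(self.base_url, raw)
        if urlsplit(resolved).scheme == "http":
            self.findings.append({"tag": tag, "url": resolved, "kind": kind})


def find_mixed_content(page_url, html):
    """Return the list of HTTP subresources on an HTTPS page (empty otherwise)."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only meaningful for a page delivered over TLS
    parser = MixedContentFinder(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def count_by_kind(findings):
    """Summarise findings as {'active': n, 'passive': m} for severity triage."""
    counts = {"active": 0, "passive": 0}
    for f in findings:
        counts[f["kind"]] += 1
    return counts


# Constructed sample page for the example; the host names are placeholders.
SAMPLE_PAGE_URL = "https://shop.example.com/checkout"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://shop.example.com/checkout">
<script src="//cdn.example.com/app.js"></script>
<script src="http://analytics.example.net/track.js"></script>
</head><body>
<img src="/static/logo.png">
<img src="HTTP://images.example.org/banner.jpg">
<a href="http://partner.example.com/">partner</a>
<iframe src="https://pay.example.com/frame"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for f in find_mixed_content(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{f['kind']:7} <{f['tag']}> {f['url']}")
```

On the sample page the detector reports the stylesheet and the tracking script as active findings and the banner image as a passive one; the protocol-relative script, the site-relative logo, the canonical link and the partner link are correctly left alone. Whether a browser actually fetches a given finding depends on the client (most current browsers block active mixed content and upgrade or block passive content), so the report should be read as what the page asks for, not what any particular browser will do.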

Rationale

Mixed content undermines the guarantees of HTTPS: an attacker on the network path can read or rewrite any HTTP subresource. Injected JavaScript in an HTTP-loaded script runs with the page's origin and can read session data and form input; a replaced image can show phishing content; a modified stylesheet can hide or restyle security warnings. Even when the document itself is served securely, a single compromised HTTP resource can undermine the application and user trust. Current browsers block active mixed content by default and upgrade or block passive content, but that protection depends on the client: older browsers, embedded webviews and non-browser clients may fetch the resource unchanged, so the finding should be fixed in the page rather than left to the browser.

Remediation

A page served over SSL/TLS must load all of its subresources over SSL/TLS as well, including content from third-party sites. Reference every resource with an explicit https:// URL (protocol-relative // URLs also resolve to HTTPS on an HTTPS page, but an explicit scheme is clearer), self-host a TLS copy of any third-party asset that is only offered over HTTP, and check for an http:// <base href> that would turn relative references into HTTP requests. As a safety net, add the Content-Security-Policy directive upgrade-insecure-requests so that any remaining http:// reference is fetched over HTTPS by browsers that support it. Verify the fix by reloading the page with the browser console open, which lists blocked or upgraded mixed content, or by re-running this detector.