Mixed content (HTTP on HTTPS) explained

What it is

Mixed content occurs when a page is loaded over HTTPS but requests resources (scripts, images, styles, iframes) over HTTP. Browsers block or warn on mixed content because it undermines the security of the page.

Why it matters

Attackers can intercept or replace HTTP resources (e.g. replace a script). Active mixed content (scripts) is usually blocked; passive (images) may still leak or be tampered with. Fixing mixed content is required for a fully secure HTTPS site.

How Barrion checks it

Barrion loads your HTTPS pages and checks for any resources requested over HTTP. We report which URLs are mixed and where they appear. The mixed content check is passive and read-only.

Run this check →Fix guide

Related

Secure Your Company's Web Apps

Trusted by CTOs, dev teams, and agencies for compliance monitoring and audit-ready security reports.
Get detailed security reports with actionable fixes in under 60 seconds.

Barrion logo icon

Barrion delivers automated security scans and real-time monitoring to keep your applications secure.

Quick Links

For teams

Company

Contact us

Have questions or need assistance? Reach out to our team for support.

[email protected]
Send email icon

© 2025 Barrion AB (559569-0917) - All Rights Reserved.