Mixed content is when a TLS (https) website loads non-TLS (http) resources. The latter will significantly reduce the protection provided by TLS on the parent website as it can be easily intercepted, modified and used for active attacks against the user.

Historically most websites were delivered over plaintext HTTP, without any encryption and server authentication, and TLS (then called SSL) was an expensive option reserved for e-commerce websites. As Internet became less safer place there was a trend to migrate all websites to TLS, especially with introduction of free TLS certificates and decrease in the cost of computing power.

Because of this modern browsers will block any dynamic mixed-content (such as JavaScript) and warn about loading static mixed content (such as images). Read more about active and passive mixed content

Fully automated RESTful API is now available. Subscribe for your free trial today!