Skip to main content
All website issues
Security

Your site loads some content insecurely

What this means for your business

Your site is loading resources over an insecure connection. Modern browsers display a "Not Secure" warning in the address bar, which significantly damages visitor trust and can cause people to leave without converting.

How to fix it
Easy
15–30 minutes

  1. 1Identify the insecure HTTP resources: the scan detail will list the specific URLs loading over HTTP instead of HTTPS.
  2. 2Update all resource URLs in your HTML, CSS, and JavaScript to use HTTPS instead of HTTP. Even if the resource exists at the HTTPS URL, the browser will load the HTTP version if that's what you specified.
  3. 3In CSS, check for url("http://...") patterns in background-image declarations.
  4. 4In HTML, check for <img>, <script>, <link>, and <iframe> tags with HTTP URLs.
  5. 5Update your content to use protocol-relative URLs (//) or explicit HTTPS for all external resources.
  6. 6If you manage the server providing the insecure resource, enable HTTPS on it and update the URL.

On WordPress

Install the "Really Simple SSL" plugin — it scans and fixes mixed content issues automatically. Also run a search-replace in the database from "http://yoursite.com" to "https://yoursite.com" using the Better Search Replace plugin.

On Shopify

Shopify forces HTTPS automatically. Mixed content issues on Shopify are usually caused by content entered in the rich text editor with HTTP image URLs. Edit the content and update any HTTP image URLs to HTTPS.

Does your site have this problem?

SiteSprout scans your site, tells you which issues you actually have in plain English, and keeps watch so nothing breaks silently.

Scan your site free