You may have previously encountered such error as Mixed Content Error. In this article, we will explain you how to get rid of it, and why it occurs. We will discuss mixed content and the possible risks associated with it.
What is a mixed content?
Mixed content simply means unsafe content that is located on a secure website. This content could be text, images, scripts, objects, videos, etc. All of these objects are available via HTTP rather than HTTPS. If any of this content was downloaded by HTTP, then it is called mixed content or partially protected content.
All modern browsers are capable of identifying mixed content that is uploaded on your website. As a result, the browser shows a warning message that contains a red or a yellow triangle with a padlock icon in the URL bar. This warning message calls a Mixed Content Error.
How browsers detect the presence of a mixed content?
When a secure page loads in the browser, it checks for protected and unprotected content, presented on page. If the browser finds any unprotected content, it will immediately show an error message.
Please note that check only affects the loaded resources (videos, scripts, styles, etc.). If your site has links to HTTP-resource, the browser will not display any warnings. If a site has mixed content, then the browser will display a notification that site is partially protected. Such site is vulnerable to attack Man in The Middle. It can transmit insecure content.
What are the risks associated with mixed content?
Mixed content with HTTP dangerous for users because attackers can launch an attack “Man in the Middle”. This kind of attack give a chance for attackers to change the content, which can be replaced with a malicious code, or may be easily intercepted by a third party. As a result the risk of data leaks and the abduction of personal data is greatly increasing. Attackers can steal user data, personal information, financial data, etc.
A new function that allows developers to make sure that site runs over HTTPS was recently implemented in Chrome version 43. This feature gives an opportunity to esnure that this website will not be compromised by unprotected HTTP resources. The browser may attempt to transfer resources through HTTPS, even if they are defined as HTTP-resources.
To disable error Mixed Content Error on Chrome, simply paste the following code into the head section of the site (without spaces):
< meta http-equiv=”Content-Security-Policy” content=”upgrade-insecure-requests” >
This meta tag forces Chrome to perform your site without displaying notifications mixed content.