1. Home
  2. Docs
  3. SiteLint
  4. Privacy Rules
  5. mixed-content-on-https

mixed-content-on-https

Print this article

    Description

    This rule determines if the location for specified resources (image, audio, video, object, script, link, iframe) uses insecure protocol http on https site connection. This is called mixed content.

    Purpose

    A user’s connection with the web server is encrypted with TLS when they access a website that is provided over HTTPS, protecting them from the majority of sniffers and man-in-the-middle attacks. A mixed content page is an HTTPS page that includes content that was fetched over cleartext HTTP. As a result, sniffers and man-in-the-middle attackers can obtain unencrypted content on pages like this one that is only partially encrypted. The pages are now risky as a result.

    An example of how this is being reported in the Developer console:

    mixed content http on https connection

    How to fix it

    • Ensure the site serve all resources through https connection.
    • Check all links to external sites and make sure they have specified https:// protocol.

    Standard

    Privacy, Best Practice

    Was this article helpful to you? Yes No