This rule determines if the location for specified resources (
iframe) uses insecure protocol
https site connection. This is called mixed content.
A user’s connection with the web server is encrypted with TLS when they access a website that is provided over HTTPS, protecting them from the majority of sniffers and man-in-the-middle attacks. A mixed content page is an HTTPS page that includes content that was fetched over cleartext HTTP. As a result, sniffers and man-in-the-middle attackers can obtain unencrypted content on pages like this one that is only partially encrypted. The pages are now risky as a result.
An example of how this is being reported in the Developer console:
How to fix it
- Ensure the site serve all resources through https connection.
- Check all links to external sites and make sure they have specified
Privacy, Best Practice