Does your website suddenly show a “Not secure” warning in Google Chrome even though your SSL certificate is valid? This could be because of Mixed Content on your website. But the question is, what is mixed content? And how does it affect your website? Let’s find out.
What is Mixed Content?
Mixed Content is detected by Google if your webpage has a mix of both secure and non- secure resources. This error warning can pop up even though your website has a valid security certificate (HTTPS), however, some of the resources used on your websites like images, videos, media, or scripts are served through insecure resources(HTTP).
Google does not encourage to have HTTP(non-secure) links on the backend/source code of your website.
Note: (We’ve observed that some SEO professionals get confused with Mixed Content as “Duplicate Content” since it contains the word “content”. However, Mixed Content is a completely different warning and has nothing to do with Duplicate content.)
How does Mixed Content affect your website?
There were concerns raised when Google announced that it will deal with mixed content more seriously in 2020. It also stated that Chrome will enforce a block on all non-secure resources(HTTP) which can even break a website.
What does this mean?
It means that if you have Mixed Content error on your webpage, Google Chrome will show the below messages to anyone who tries to access your website:
These messages will be displayed when a user tries to access your website even though you have a valid SSL certificate. Pretty scary, isn’t it?
So the next question is, how do you find this Mixed Content on your website and how do you solve this?
Let’s have a look at how we solved the mixed content issue for one of our clients- Mochi Shoes.
Mixed Content Analysis
We noticed that when we opened the Mochi Shoes website, it showed a “Not Secure” warning in Chrome:
The first thing we did is that we immediately checked the website’s SSL certificate.
Here’s how you can check the SSL certificate of your website:
- Open your website.
- Click on the “lock” security icon next to your website name. (“i” icon for HTTP websites)
- Now click on “Certificate”. You’ll get all the information related to your SSL certificate.
Much to our surprise, the SSL certificate of Mochi Shoes was valid. This initially caused a sense of confusion, but then we decided to check the website for Mixed Content.
How to find Mixed Content on your website?
As part of our initial analysis, we adhered to the following steps to check for mixed content on Mochi Shoes:
- Open your website.
- Press Ctrl+shift+i on your keyboard.
- Now click on the “security” tab.
- Refresh your page so that the “security” tab can log the changes.
- As illustrated in the image, we were immediately notified of the “mixed content” resource on the page.
- Click on “View request in Network Panel”
- The console will show you all the non-secure (HTTP) links/resources on your website.
- You can also check the source code of your website(Ctrl+u) and check for any “http://” URLs.
In addition to this, there are also certain online SSL checker tools that can help you identify mixed content on your website. Jitbit SSL Check is one such tool you can use to find non-secure resources.
Note: (These tools are not always 100% accurate/reliable. They can be used for initial analysis)
How to resolve the Mixed Content Issue on your website?
For Mochi Shoes, we identified that an image that was being requested from our CDN had an HTTP (non-secure) URL. Here’s the exact URL – “http://cdn.metrobrands.com/mochi/media/images/content/Thumbnail/Mojaris.png“.
As you can see, it was a non-secure HTTP resource which is why Google identified it as Mixed Content on our website.
We immediately informed the Client about this issue. And asked them to change the address of the image on the CDN to HTTPS.
If you are an SEO Agency and work closely with the developers of the website of your client, you can inform them about this.
Here are some steps you can follow:
- Run your website through a spider, like Screaming Frog.
- Identify all the URLs on your website. Make sure they are all HTTPS.
- If you find any non-secure HTTP URL, immediately find their source.
- Alternatively, you can also use an online tool to check for non-secure resources (they are not as reliable as compared to Manual Checks/Spiders)
- Make sure that all the HTTP resources on your website, including the images, scripts, videos are all converted to secure HTTPS URLs.
Why is it important to fix Mixed Content issues on your website?
Google has gone full berserk on Mixed Content as they are now more focused towards security for its users. Mixed content presents a security risk for both visitors and the website. Outlined below few factors that prove how dangerous mixed content can actually be:
Mixed Content weakens the security of your website
Google believes that mixed content weakens your secure HTTPS URLs.
It does make sense. If you are paying for an SSL secure connection, why would you want non-secure resources to hamper your security? It is better to use secure HTTPS connections for all resources on the website.
Mixed Content makes your customers lose trust in you
Non-secure resources are vulnerable to attackers who can steal your data. But what it also does, is that it leaves a bad impression on your users’ minds.
Just imagine, you are visiting a shopping website, you added items to the cart, and now you are entering your card details. Suddenly you see a “Not secure” warning at the Payments page. This would totally be a let down for any user. They don’t want their Card details to be vulnerable to any hackers and they are most likely to cancel the transaction.
Mixed Content is bad for SEO
Google has clearly stated that Security is one of their top-most priority. And secure HTTPS connection and secure content is an important ranking factor.
So, don’t expect better rankings if you aren’t deciding to purchase a secure HTTPS SSL certificate. Or are not going to eliminate mixed content on your website.
Google clearly does not like it when user experience is compromised. So if you really want to make sure your SEO game is strong, check for and eliminate mixed content ASAP.
With the announcement of Chrome 79, Google has taken strict measures to deal with non-secure connections. The “Not Secure” warning showing up even if only a few resources on your website are non-secure (HTTP) indicates how strict Google is about Mixed Content.
Although Google has said it will automatically convert HTTP resources to HTTPS if the subsequent HTTPS resource exists on the website. Do we really need to wait for Google to do it for us?
We need to be proactive to tackle the Mixed Content issue beforehand. It would take some effort to locate Mixed Content, but it is totally worth it. All your SEO optimization efforts will fall short if your competitors have a more secure connection and no mixed content. So we at Infidigit would advise you to change all your non-secure HTTP URLs to secure HTTPS URLs now!
Let us know in the comments section if you’ve come across the Mixed Content issue and how you dealt with it.
SEO Company in India | Digital Marketing Services | Ecommerce SEO Services | SEO Audit Services | Local SEO Services | What is SEO | What is On Page SEO | What is Digital Marketing | What is Technical SEO | Google Algorithm Updates | Google Reverse Image Search | SEO Periodic Table | What is Structured Data SEO | What is Cloaking | Types of SEO | What is Featured Snippet | List of HTTP Status Codes | Off Page SEO Techniques | What is PPC | Website Structure |