Mixed content is a security issue. It is part of a Content Security Policy (CSP).
For the longest time since the birth of the Internet, there was no requirement for websites to have the secure transport HTTPS protocol to display web content over browsers like Google Chrome. Traffic and data requests from sites without HTTPS were transmitting information in the clear.
However, with the rise of cyber criminals’ activities, increasing financial transactions, and issues around personal data, the need for secure transmission becomes critical.
With effect from July 2018, Google’s web browser, Google Chrome, started flagging out websites that are not HTTPS compliant. Google requires data and traffic information to be encrypted and transmitted from the browser to the web server and vice versa over HTTPS. In this manner, both the website and users will not be prone to an attack.
Website owners who handle transactions online started implementing SSL certificates to give their site visitors peace of mind that they are conducting their purchases on a secure site.
With privacy laws quickly being implemented by many countries, companies and organizations soon followed sue to enforce the HTTPS protocol to safeguard private data provided by their customers over the web.
Mixed content occurs for websites that were designed and uploaded under an HTTP URL and later converted to HTTPS via way of implementing a SSL certificate.
Mixed content is a security loophole. It exposes your web traffic during transmission.
Despite the HTTPS web link, some content on the website, such as videos, images, and scripts, are, however, still transmitting over the not secure HTTP connection.
Hence you have an issue of mixed content from HTTPs and HTTP, loading on a page.
Any data transmitting over the non-secure HTTP exposes the website to attacks through “man in the middle attack” techniques. By intercepting these unsecured transmissions, cybercriminals can now gain access to your data like login credentials and credit card details.
This mixed content issue must be quickly fixed to ensure ALL content is transmitted through the secure HTTPS protocol before a data breach occurs.
As a site owner, you want to fix this before it is too late.
As part of our web security offering, we can scan and fix these mixed content issues.