seo search engine optimization link building agencyseo search engine optimization link building agencyseo search engine optimization link building agencyseo search engine optimization link building agency
  • SERVICES
    • Managed SEO
    • Link Building
    • White Label SEO
    • Content Writing
    • SEO Audits
    • PPC Management
  • TOOLS
    • Backlink Checker
    • Site Audit
    • Broken Link Tool
    • Robots.txt Tester
    • Sitemap Validator
    • Site Speed Tester
    • Title Tag Checker
    • AI Content Writer
    • SEO Training
  • WHY US
    • Case Studies
    • Our Process
    • Our Team
    • Our History
    • Acquisitions
    • Become a Writer!
  • BLOG
  • CONTACT
GET STARTED
✕
How to Optimize Your Website Footer
How to Optimize Your Website Footer
February 26, 2021
Digital Marketing Vanity Metrics
Vanity Metrics in SEO: Digital Marketing Vanity Metrics To Know & Avoid
March 2, 2021

Facts and Fixes for Mixed Content in SEO

Last Updated by Timothy Carter on March 2, 2021
What Is Mixed Content in SEO?

Ever since December of 2019, mixed content has been effectively blocked by Google Chrome.

Did you notice a difference in your browsing experience?

The truth is mixed content is often hard for users to detect – and many webmasters don’t even know what it is or how it works. But if you have an abundance of mixed content on your site, not only will it negatively affect your user experience, it could also tank your SEO rankings.

Confused?

Don’t worry. In this guide, we’ll teach you everything you need to know about mixed content, including what it is, how to find it, and how to correct a mixed content issue on your site.

Table of Contents

  • What Is Mixed Content?
  • SSL Certificates and Mixed Content
  • Active vs. Passive Mixed Content
  • Why Mixed Content Is Blocked by Google
  • How Mixed Content Affects SEO
  • How to Find Mixed Content on Your Site
  • How to Fix a Mixed Content Issue

What Is Mixed Content?

What is mixed content?

As a web user, you can access webpages on the internet by submitting a request with an application layer known as hypertext transfer protocol (familiarly known as HTTP). This protocol makes it possible to access the HTML code of a site.

Modern webpages are often secured, allowing them to communicate securely over a computer network. Secure websites are given the HTTPS designation.

A webpage with mixed content is one that contains both HTTP and HTTPS material. You may access a secured, HTTPS page of a given website, but there could be scripts, images, videos, and other types of content that are served with a standard, insecure protocol (HTTP).

SSL Certificates and Mixed Content

SSL Certificates and Mixed Content

Security is the new standard. According to Google, Chrome users spend approximately 90 percent of their total browsing time on websites that utilize HTTPS – and that’s for both desktop and mobile users.

To give your website the HTTPS designation and utilize the HTTPS protocol, you’ll need to have an SSL certificate in place. You can purchase an SSL certificate through your domain registrar.

SSL certificates serve as a way to verify your website’s identity. When users submit information on your site, such as their password, email address, and credit card information, it will be encrypted, and therefore only visible when the proper key (your SSL certificate) is used to unlock it.

Once a secure connection has been formed between a web browser and a web server using HTTPS, all traffic between those network nodes will be secured.

However, if your SSL certificate expires, or if it’s rendered invalid in another way, web users will encounter a warning message instructing them that “Your connection is not private.” Though users can still power through this warning message, it will be a deterrent to most users.

Active vs. Passive Mixed Content

There are two types of mixed content to familiarize yourself with: active and passive.

Passive mixed content includes any type of content that is isolated from the rest of the page. It usually includes images, video, audio, and other media content. With passive mixed content, man-in-the-middle attacks are harder to execute, so they’re seen as less of a threat; however, passive mixed content is still a problem.

A motivated attacker can take advantage of open HTTP requests to view an image or video on your site and swap it out for something different. In a relatively innocent maneuver, an attacker could use this as an opportunity to vandalize your site with vulgar images. In a more complex attack, an attacker could replace your images with clickable ads leading to other sites, and possibly to a phishing scam.

Additionally, an attacker could attempt to track the users of your site with mixed content requests, even if they don’t interfere with your content directly.

By contrast, active mixed content does interact with the entire page. It includes things like stylesheets, scripts, iframes, and other types of code that a web browser can download and/or execute. It’s inherently more dangerous because a motivated attacker can use it to get away with almost anything within that page.

For example, an attacker could completely rewrite the content of your page or use it as a vector to gain control of your entire website. They could display a totally different set of content, steal user session cookies, or more commonly, steal user login credentials.

Why Mixed Content Is Blocked by Google

Why Mixed Content Is Blocked by Google

After learning about how serious a threat mixed content can be, it should be clear why Google decided to start blocking mixed content.

Starting in December 2019, Google announced that Chrome would gradually evolve to block all mixed content by default on all web pages. As far back as 2018, Chrome would notify users when visiting a site without HTTPS with a message that the site is “Not secure.”

There are three main principles behind this decision:

  • Security concerns. Obviously, Google has a vested interest in keeping web users secure when using Google products. If you visit a webpage with active mixed content unwittingly and enter your login credentials, an attacker could intercept those credentials and begin working to steal your identity in a matter of minutes.
  • Confusion and user experience. Mixed content is also ambiguous, confusing, and damaging to the average user experience. Because of mixed content, a user may believe they’re accessing a secure site (thanks to the HTTPS designation in the URL), but they may unsuspectingly be accessing a page with content served over an unsecured HTTP protocol. In other words, the page appears to be secure, but is not fully secure. It’s both secure and unsecured at the same time. Rather than attempting to explain the nuances of this situation to every user who happens across it, Google opted to simplify things by blocking all forms of mixed content directly.

How Mixed Content Affects SEO

As far back as 2014, Google has confirmed that HTTPS and website security were ranking signals. In other words, upgrading your site with an SSL certificate was a demonstration of trustworthiness and authority significant enough to increase your rankings in Google search results.

But does mixed content actually hurt your rankings?

The short answer is yes.

For starters, understand that more than 90 percent of popular webpages now utilize HTTPS to make their websites more secure. They’re benefitting from HTTPS security as a ranking factor; if your site isn’t properly secured, you’re going to suffer from a competitive disadvantage.

Additionally, when a user encounters a webpage with mixed content, they’re going to see a warning message telling them that they’re accessing unsecured content. Most users who see this will immediately click away and find a different site, leading to higher bounce rates.

Higher bounce rates and less user engagement mean you’re going to see a drop in search engine rankings – even if you don’t see a manual penalty from Google directly.

But you also have to remember that mixed content is about more than just search rankings; it’s also about the security of your users and the reputation of your business. Even if mixed content had no direct bearing on your search engine rankings, your users would still be met with a terrible first impression when visiting your site for the first time.

It’s vital for the success of your business that you find and correct any mixed content issues on your site.

So how do you do it?

How to Find Mixed Content on Your Site

There are a few different ways to find mixed content on your site.

For starters, you could try accessing various pages of your site using a Google Chrome browser. Since Chrome automatically blocks content and displays a warning message when it finds mixed content, you’ll get an immediate and undeniable red flag if you have any mixed content to fix.

Of course, this is a manual and time-intensive approach. You’re typically better off using a website audit tool or working with an SEO agency to run a full site audit. This audit will alert you not just to any instances of mixed content on your site, but also technical onsite SEO issues such as missing meta tags, slow loading times, and mobile optimization issues.

How to Fix a Mixed Content Issue

If you have a mixed content issue, you’ll want to fix it as soon as possible to improve your SEO rankings, increase user trust, and keep your customers and web users secure.

Here’s how to do it:

  1. Locate the mixed content. Head to the source code of the page in question and see if there are any URLs with “HTTP” instead of “HTTPS.” If you view the source code in a Google Chrome browser, you’ll get visual warnings where these instances occur, so it should be easy to spot even if you’re not an experienced web developer.
  2. Find the HTTPS version. If you’re loading an image, script, or other type of content with HTTP, see if there’s an HTTPS version available. If so, all you have to do is add an “S” to the URL and you’ll be back in business.
  3. Find an alternative. If your chosen resource isn’t available with an HTTPS URL, you’ll have to find an alternative solution. You may be able to find an identical copy of this resource on a secure site elsewhere. You may be able to download the content and host it on your own secure server. And if all other options fail, you can consider omitting the content altogether or finding a replacement for it.
  4. Check to see if the error is resolved. Once you apply the fix, see if the error has been resolved. If you’re successful, you should no longer see a warning message about mixed or insecure content when visiting this webpage in Chrome. If you continue to see a warning message, it means there may be other mixed content issues to resolve; head back to the source code and repeat these steps to get closer to success.

Does your site have a mixed content problem? Or are you struggling to rank, but unsure what the issue is? You may benefit from the help of a professional SEO agency. Contact us today for a free consultation!

  • Author
  • Recent Posts
Timothy Carter
Timothy Carter
Chief Revenue Officer at SEO.co
Industry veteran Timothy Carter is SEO.co’s Chief Revenue Officer. Tim leads all revenue for the company and oversees all customer-facing teams - including sales, marketing & customer success. He has spent more than 20 years in the world of SEO & Digital Marketing leading, building and scaling sales operations, helping companies increase revenue efficiency and drive growth from websites and sales teams. When he's not working, Tim enjoys playing a few rounds of disc golf, running, and spending time with his wife and family on the beach...preferably in Hawaii.

Over the years he's written for publications like Forbes, Entrepreneur, Marketing Land, Search Engine Journal, ReadWrite and other highly respected online publications. Connect with Tim on Linkedin & Twitter.
Timothy Carter
Latest posts by Timothy Carter (see all)
  • How to Optimize for “People Also Search For” or “People Also Ask” - June 27, 2022
  • Content Marketing: An SEO’s Guide to Content Marketing - June 1, 2022
  • How to Fix a Website Traffic & Impressions Plateau - May 23, 2022
Share
0
Timothy Carter
Timothy Carter
Industry veteran Timothy Carter is SEO.co’s Chief Revenue Officer. Tim leads all revenue for the company and oversees all customer-facing teams - including sales, marketing & customer success. He has spent more than 20 years in the world of SEO & Digital Marketing leading, building and scaling sales operations, helping companies increase revenue efficiency and drive growth from websites and sales teams. When he's not working, Tim enjoys playing a few rounds of disc golf, running, and spending time with his wife and family on the beach...preferably in Hawaii. Over the years he's written for publications like Entrepreneur, Marketing Land, Search Engine Journal, ReadWrite and other highly respected online publications.

Related posts

How to Use Google Autocomplete to Perfect Your Content Strategy
July 4, 2022

How to Use Google Autocomplete to Perfect Your SEO & Content Strategy

Read more
How to Optimize for "People Also Search For" or "People Also Ask"
June 27, 2022

How to Optimize for “People Also Search For” or “People Also Ask”

Read more
Link Reclamation: How to Reclaim Lost Backlinks
June 20, 2022

Link Reclamation: How to Reclaim Lost Backlinks

Read more
Inc 5000 Logo

Our Services

  • SEO Services
  • Link Building Services
  • White Label SEO
  • Content Writing Services
  • Amazon SEO
  • PPC Management
  • Public Relations
  • Brand Mentions
  • SEO Site Audits

SEO Resources

  • SEO for Beginners
  • Link Building Guide
  • Local SEO
  • Online Marketing
  • Digital Marketing
  • Content Marketing
  • SEO Reseller
  • Backlink Checker
  • Keyword Research
  • Google Ranking Factors

About SEO.co

  • About Us
  • SEO Team
  • SEO Blog
  • SEO Clients
  • SEO Tools
  • Markets Served
  • Locations Served
  • Client Login
  • Contact

Contact Us

Email: info@seo.co
Call: +1 (877) 545-4769
Address: 1425 Broadway Suite 22689
Seattle, WA 98112
White Label SEO Agency
  
Outwrite. Outrank. SEO.
© 2022 SEO.co. All Rights Reserved
Privacy Policy | Sitemap
PPC.co // DEV.co // Website.Design
An Invest.net Partner
    GET STARTED
      We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of all the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
      Cookie SettingsAccept All
      Manage consent

      Privacy Overview

      This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
      Necessary
      Always Enabled
      Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
      CookieDurationDescription
      cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
      cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
      cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
      cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
      cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
      viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
      Functional
      Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
      Performance
      Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
      Analytics
      Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
      Advertisement
      Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
      Others
      Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
      SAVE & ACCEPT