Community Tip - Fixing mixed content errors


Try the suggestions in this Community Tip to help you fix mixed content errors.

Did you notice the green padlock 🔒 missing from your browser when connecting over HTTPS? That is likely a mixed content issue. Mixed content errors mean that your website is being loaded over HTTPS, but some of the resources are being loaded over HTTP. In this case, the site will show as not secure.

Quick Fix Ideas

  1. To fix this, you will need to edit your source code and change all resources to load over a relative path, or directly over HTTPS. For example, if you load your images with a full URL, <img src="" />, you would want to change this to <img src="//" />. By removing the http:, the browser will use whichever protocol the visitor is already using.

  2. Install a mixed content fixer plugin, which should automatically replace the http with https in these sections. For WordPress, we have had success with the SSL Insecure Content Fixer plugin.

  3. Enable the Automatic HTTPS Rewrites on the Crypto tab to potentially fix these errors automatically. Resources loaded by JavaScript or CSS will not be automatically rewritten, and mixed content warnings will still appear. In Google Chrome, if you notice a small shield with a red X, that indicates a script is being called via http and causing the mixed content issue. Automatic Rewrites will not fix that issue; you will need to edit your source code as described above.

  4. Mixed content issues are most often associated with Flexible SSL. Check to see if your SSL setting is Full or Flexible mode by logging into your Cloudflare dashboard and clicking on the Crypto tab to check the SSL setting.

  5. Failing the above, a more complex approach is to change your Content Security Policy header: always set Content-Security-Policy: upgrade-insecure-requests, or block-all-mixed-content. From Wikipedia, Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
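To find what needs editing for step 1, and to tell apart the references in CSS and JavaScript that step 3 says are not rewritten automatically, the page source can be scanned offline. The following is an added example, not Cloudflare's code: the function and class names and the sample page are constructed for illustration, and the list of fetching attributes is a reasonable subset rather than a complete one.

```python
import re
from html.parser import HTMLParser
# Attributes that make the browser fetch a subresource; <a href> is navigation, so absent.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "source": "src",
               "embed": "src", "object": "data", "link": "href"}
FETCHING_RELS = {"stylesheet", "icon", "preload"}  # rel=canonical fetches nothing
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)
JS_URL = re.compile(r"['\"](http://[^'\"\s]+)['\"]", re.I)

class MixedContentFinder(HTMLParser):
    """Collects (line, kind, url) for each plain-http subresource reference."""
    def __init__(self):
        super().__init__()
        self.findings, self._raw = [], None

    def handle_starttag(self, tag, attrs):
        line, a = self.getpos()[0], dict(attrs)
        url = a.get(FETCH_ATTRS.get(tag, "")) or ""
        rels = set((a.get("rel") or "").lower().split())
        if (tag != "link" or rels & FETCHING_RELS) and url.lower().startswith("http://"):
            self.findings.append((line, "markup", url))
        for m in CSS_URL.finditer(a.get("style") or ""):   # inline style="" attribute
            self.findings.append((line, "style", m.group(1)))
        self._raw = tag if tag in ("script", "style") else None

    def handle_endtag(self, tag):
        self._raw = None

    def handle_data(self, data):
        # Bodies of <style>/<script>: reported separately, these need a source edit.
        pattern = {"style": CSS_URL, "script": JS_URL}.get(self._raw)
        for m in pattern.finditer(data) if pattern else ():
            line = self.getpos()[0] + data.count("\n", 0, m.start())
            self.findings.append((line, self._raw, m.group(1)))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return sorted(finder.findings)

# Constructed sample page, not taken from the original post.
SAMPLE = """<link rel="canonical" href="http://www.example.com/">
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<style>body { background: url(http://cdn.example.com/bg.png); }</style>
<img src="http://www.example.com/logo.png"><a href="http://www.example.com/">Home</a>
<script>var s = document.createElement("script");
s.src = "http://cdn.example.com/late.js";</script>"""
if __name__ == "__main__":
    print(*find_mixed_content(SAMPLE), sep="\n")
```

Findings of kind "markup" are plain tag attributes; "style" and "script" findings are the CSS and JavaScript cases that have to be fixed in the source itself.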

If You Need More Help
This community of other Cloudflare users may be able to assist you. If not, log in to Cloudflare and then contact Cloudflare Support. When you contact support, make sure to include as much of this information as possible: error messages, screenshots, and/or HAR file(s).

Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments that start with words like: “The three things I always try”, or “Do this first” or “In my experience”.

This is a Cloudflare Community Tip, to review other tips click here.

This topic was automatically closed after 14 days. New replies are no longer allowed.