Why is my website displayed as insecure despite an active SSL certificate?

The error message that a website encrypted with SSL could not establish a secure connection is very confusing at first glance. Often, behind this error message there is actually so-called “mixed content”. What exactly this is and how you can fix the error message or the “mixed content” is described in this article.

1. What does “mixed content” mean?

"Mixed content" means that when you access a website secured with an SSL certificate (https), parts of it are accessed via an unsecured connection (http).

As a result, the website is only partially encrypted, which can also pose a security problem.

Calls via the HTTP protocol are more susceptible to hack attacks, which is why many browsers are increasingly actively blocking "mixed content" and no longer displaying it.

The security warning that is displayed in Firefox, for example, is completely eliminated in some Chromium-based browsers - but the underlying problem remains.

2. How do I fix the error message?

With the help of the developer tools or developer console integrated in your browser, as well as directly with the source code, you can find out which parts of your website are accessed over an insecure connection.

Depending on the browser, you can find these hidden in the settings or access them in Chromium-based browsers using the key combination CTRL+SHIFT+I (Windows/Linux) or OPTION+COMMAND+I (Mac OS).

In these tools there is a sub-item called "Console", where all errors discovered by the browser are displayed on the page - including content loaded via HTTP.

All of this content loaded via HTTP must be converted to a secure HTTPS connection either in the source code of your website or in the underlying database so that the error message is resolved and the content is only delivered securely.

Feedback on the article: