Home / Tools / Fix mixed content — load every resource over HTTPS
Content & Files · Scan Check Guide

Fix mixed content — load every resource over HTTPS

30 min Impact: medium Effort: low ✓ Scan-verified — no manual checkbox

An HTTPS page that loads even one resource — an image, a script, a stylesheet — over plain HTTP breaks the security guarantee for the entire page, and modern browsers actively block the worst cases (active mixed content like scripts) while silently degrading others.

An HTTPS page that loads even one image, script, or stylesheet over plain HTTP breaks the security guarantee for the whole page and triggers visible browser warnings.

How to fix it

  1. 1
    Find every hardcoded http:// reference
    Search your templates, CSS, and CMS content for src= or href= pointing to http:// URLs on any domain, including your own.
  2. 2
    Update each to https://
    Most resources — your own images, common CDN-hosted libraries, fonts — have an HTTPS version available; update the reference directly.
  3. 3
    Use protocol-relative or relative URLs where sensible
    Referencing //example.com/asset.js or /asset.js instead of hardcoding https:// prevents this from recurring if you ever change protocols again.
  4. 4
    Check old CMS content specifically
    Blog posts or pages written years ago, before your site had HTTPS, are the most common source of leftover http:// image references.

Common mistakes

How you'll know it's done

No resources on any HTTPS page load over plain HTTP — browser console shows zero mixed-content warnings.

H.I.V.E. checks this automatically

Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.

Run this check in H.I.V.E. →