This page is designed to trigger mixed content detection in the HTTPS Mixed Content analyzer (025). It deliberately references resources using HTTP protocol on what should be an HTTPS-only site. Browsers block active mixed content and warn about passive mixed content, making this a significant security and user experience issue that needs to be detected and reported during site audits.
The following elements load active resources via HTTP, which browsers will block entirely:
The following elements load passive resources via HTTP. Browsers may display a warning but typically still load them:
Additionally, this page has its canonical URL set to HTTP instead of HTTPS, and the Open Graph tags also use HTTP URLs. These are common oversights during HTTPS migration that can cause indexing and social sharing problems. The canonical URL signals to search engines which version of the page is authoritative, and having it on HTTP when the site is served over HTTPS sends conflicting signals about the preferred protocol.
Visit our about page or check our services for more information about our testing methodology and the specific analyzer modules we use to detect these kinds of protocol inconsistencies across your entire website.
Modern web security best practices require all resources to be loaded exclusively over HTTPS. Mixed content vulnerabilities can allow man-in-the-middle attacks to inject malicious code through the insecure HTTP connections, compromising the security of the entire page despite the main document being served securely. This is why browsers have progressively tightened their mixed content policies over the years.