Mixed content occurs when a secure HTTPS page still loads images, CSS, JavaScript, or fonts from insecure HTTP sources.
Common symptoms
- The padlock is broken after enabling SSL
- Stylesheets or images fail only on HTTPS
- Browser console reports blocked insecure resources
Troubleshooting steps
- Identify all insecure asset URLs using browser developer tools or page source inspection.
- Update application settings so the primary site URL uses HTTPS.
- Search templates, content editors, and database values for hardcoded
http://references. - If a CDN or external asset source is used, confirm it supports HTTPS.
- Clear application and CDN caches after correcting URLs.
Additional notes
- Mixed content can be active or passive; both should be cleaned up for a fully secure presentation.
- Third-party embeds are a common source of lingering HTTP assets.
When to contact support
Contact support if you cannot identify the source of the insecure references.