What 'mixed content' is and how it can affect your HubSpot website
July 1, 2019 | 2 min read time
Topics: HubSpot developers, HubSpot tips
Take yourself back to high school. Your parents are out of town so of course you're going to invite some friends over. Maybe you'll have some pizza and watch Adam Sandler movies (the ones from the 90s when he actually cared about being funny). Ok, this is obviously not your high school story anymore. It's mine. Just go with it. You only invited a few people over but your friends invited their friends and before you know it someone you don't know is microwaving your mom's jewelry and there's a hole in your refrigerator. Congratulations, you just let in "the troublemakers", or, as we call it in the internet world, "mixed content".
'Mixed content' refers to website assets that are delivered via 'http' AND 'https'. Ideally, we want all of our web content to be delivered over 'https' rather than 'http' so we know it's secure. Think of 'https' as your friend. You could let them in your house without worrying they'll steal your dad's rare coin collection. When we have a mix of both 'http' and https' we get a 'mixed content' warning in the browser. This can have negative effects on user experience and the overall functionality of your website.
So now what do you do? You've already opened the door and the troublemakers are scattered all over your site. How do you deal with all the nonsecure 'http' content? The easiest way is to use an SSL checker to scrape your site and identify pages that trigger a 'mixed content' warning.
If you use an SSL checker like MissingPadlock, you'll be able to see every page on your site that has a 'mixed content' warning. Once you know which pages to look at, navigate to that page in your browser, open up the inspector (or view the page source) and search for 'http'. When you locate an 'http' reference, trace it back to the source in the backend and correct the link.
For example, if you find that an image is being referenced via 'http', in most cases you should be able to substitute 'https' to correct the 'mixed content' warning. Do this for all the 'http' references on your site and run the SSL checker again and marvel at how far you've come in life. And next time you see your friends, rather than telling them that you spent the weekend scraping your site for mixed content, just tell them you caught someone boiling your shoes and promptly kicked them out of your house. I promise the conversation will be more interesting.