This article is a part of our Web Security Knowledge Base.
Why “Secure Pages Include Mixed Content” can be dangerous
A web page accessible via HTTPS contains mixed content. This means that some content is transmitted via HTTP instead of HTTPS, so the web page contains non-secure elements.
Non-encrypted data can be eavesdropped on or replaced. The worst scenario is active mixed content. While most browsers block such behaviour, some of them allow this kind of attack to end in a complete takeover of the behaviour and look of the website.
How to fix “Secure Pages Include Mixed Content”
Pages available over SSL/TLS must include only content transmitted over SSL/TLS and must not contain any content transmitted over unencrypted HTTP. This also includes any content from third-party websites.
Ensure that all content on the page, including additional resources and libraries, is loaded over SSL/TLS.
How does ScanRepeat report “Secure Pages Include Mixed Content”
ScanRepeat analyzes each HTTP response accessed via secure communication and reports every occurrence of page content which is loaded using HTTP.