You see this warning when some elements on your website (images, scripts, stylesheets, etc.) are still loading over unsecured HTTP instead of HTTPS, even though your site has a valid SSL certificate.
Here’s how to resolve it completely:
- Update every resource link from http:// to https://. This includes images, CSS files, JavaScript files, fonts, iframes, and any other external resources.
- Replace any about:blank links with an actual blank page hosted on your domain using a secure https:// URL (e.g., https://yourdomain.com/blank.html).
- Check all iframes — if the src attribute is empty or set to “#”, change it to a valid secure URL.
To quickly find mixed-content items on your site, visit whynopadlock.com and enter your domain name in the search bar.
Once all resources load via HTTPS, the warning will disappear and your site will be fully secure.
