Types of Mixed Content

Types of Mixed Content

Browsers categorize mixed content into passive and active types. Passive mixed content includes images, videos, and audio files loaded over HTTP. While browsers typically allow passive content with warnings, it still breaks the secure connection indicator. Active mixed content encompasses scripts, stylesheets, iframes, and other executable resources. Browsers block active mixed content by default due to severe security implications.

Identify mixed content using browser DevTools:

// Console filter for mixed content
// Chrome: Filter by "Mixed Content"
// Firefox: Look for "Loading mixed (insecure) content"

// Programmatically find insecure resources
Array.from(document.querySelectorAll('*')).forEach(element => {
    ['src', 'href', 'action', 'data'].forEach(attr => {
        const value = element.getAttribute(attr);
        if (value && value.startsWith('http://')) {
            console.warn('Insecure resource:', element, attr, value);
        }
    });
});