When a secure (HTTPS) site requests an insecure (HTTP) resource, that is called a mixed content error. Some browsers block insecure resource requests by default. If your page depends on these insecure resources, then your page might not work properly when they get blocked.
Also, browsers may warn users that your page is not fully secure.
How to use this audit
This audit is not run by default in Lighthouse, and currently requires that you have Chrome Canary installed. To use it, you will need to run the Lighthouse command-line tool. You can install Lighthouse using npm:
npm install -g lighthouse
To run the audit, you can use the included
lighthouse --mixed-content http://www.example.com
This will create a new HTML report file in your current working directory.
For each URL that Lighthouse lists, modify your code to request that URL over HTTPS:
Rather than HTTP:
Even if you are not ready to fully upgrade your site to HTTPS yet, upgrading some URLS to HTTPS can increase the security of your users and make it easier for you to avoid mixed content warnings when you do upgrade to HTTPS in the future. See Uses HTTPS for recommendations on how to upgrade your site to HTTPS.
Insecure resources which are not upgradeable to HTTPS may require other changes. Contact the providers of these resources to explore your options.
Lighthouse loads the page once to record the URL of each resource requested. Then, Lighthouse loads the page again, but this time intercepts each request and tries to upgrade the URL to use HTTPS. If the upgraded requests succeed, Lighthouse reports that request as upgradeable in the audit results.