Mixed content on HTTPS: detection and fix

One stray http:// script tag on an HTTPS page is enough to break the padlock. Here is how mixed content sneaks in and how to track every offender down.

What it is

Mixed content occurs when a page is loaded over HTTPS but requests resources (scripts, images, styles, iframes) over HTTP. Browsers block or warn on mixed content because it undermines the security of the page.

Why it matters

Attackers can intercept or replace resources fetched over HTTP (for example, swapping in a different script). Active mixed content (scripts) is usually blocked by the browser; passive mixed content (images) may still leak or be tampered with. Fixing mixed content is required for a fully secure HTTPS site.

How Barrion checks it

Barrion loads your HTTPS pages and checks for any resources requested over HTTP. We report which URLs are mixed and where they appear. The mixed content check is passive and read-only.
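The same kind of check can be sketched as a static scan of a page's HTML. This is an added example, not Barrion's code: the names `MixedContentScanner`, `find_mixed_content` and `SUBRESOURCES` are hypothetical, the sample page is constructed, and it parses markup rather than loading the page in a browser.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (URL attribute, category): active = script/style/iframe, passive = image/media
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"),  # counted only when rel=stylesheet
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base_url = page_url
        self.findings = []  # (line, tag, category, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # <base href="http://..."> downgrades every relative URL after it
            self.base_url = urljoin(self.base_url, attrs["href"])
        spec = SUBRESOURCES.get(tag)
        is_stylesheet = "stylesheet" in (attrs.get("rel") or "").lower().split()
        if spec is None or (tag == "link" and not is_stylesheet):
            return  # <a href>, rel=canonical etc. do not fetch a subresource
        attr, category = spec
        url = urljoin(self.base_url, (attrs.get(attr) or "").strip())
        if attrs.get(attr) and urlsplit(url).scheme == "http":
            self.findings.append((self.getpos()[0], tag, category, url))

def find_mixed_content(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, assumed to be served from https://example.com/
SAMPLE_HTML = """<!doctype html>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://example.com/">
<script src="//cdn.example.com/app.js"></script>
<script src="http://cdn.example.com/legacy.js"></script>
<img src="http://img.example.com/banner.jpg"/>
<a href="http://example.org/">external link</a>
"""

for finding in find_mixed_content("https://example.com/", SAMPLE_HTML):
    print(finding)
```

A static pass like this does not see URLs injected by JavaScript or referenced from inside CSS; those only show up when the page is actually loaded.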

Configuration examples

Nginx: auto-upgrade insecure subresources
add_header Content-Security-Policy "upgrade-insecure-requests" always;

Verify it

curl -sI https://example.com | grep -i content-security-policy