Ughhh, this is frustrating. I just did a website audit with SE Ranking (It took forever) and it has a ton of critical errors. Im not sure how to fix this one which is 457 of them: 457 Pages with mixed content Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources. Any idea on how to fix this?
Some good info here that may help: https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content
Yeah, SE Ranking sent me that article, but it didn't help me much. I took some of the URL's that they told me was getting mixed content and fed it into a site that checks for that error and they all came up clean. I don't know what to think.
Are you running ads on your site? if so, what ad network? Its possible some of the ads being served are coming over HTTP instead of HTTPS.
For such cases, I personally use HTTPS Mixed Content Locator Chrome plugin. It shows "No Mixed Content Detected" on your site though. If your content is not rotated, it could be a SE Ranking bug.
I ended up contacting SE Ranking and they said: The site is flagged fr having mixed content because one of its elements is still using HTTP. Here's a Screenshot: https://monosnap.com/file/h7tRG4pxMRUUFiVYkiZmvhBai81g8W I have no idea what that Http address is or where it came from! Any ideas?
I did find this after I Googled it, but I'm still confused and not sure what to do about it: https://wordpress.stackexchange.com/questions/173117/why-is-there-a-link-tag-with-rel-profile-pointing-to-gmpg-org
Try changing the link to https and see what happens, I tested the link and it works as a secure connection. https://gmpg.org/xfn/11
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.
I'm not really sure how I'm going to do that since a I don't know where the link is coming from and be it's in WordPress and I wouldn't know how to change all the pages that it's affecting
I'm not a wordpress expert but I imagine it will be in the theme header file. You should only need to change it in the one file and it will show on all the pages.