What is a mixed content warning?
At Hostinger, all websites hosted on our Web, WordPress, and Cloud Hosting plans include a free SSL that is installed and enforced automatically - that is, the connection is set to go through HTTPS instead of HTTP.
If the website contains elements that are still loaded over an HTTP connection, a mixed content warning will appear. You can check it from your browser console:
How to fix a mixed content warning
We have prepared detailed guides on how to fix the mixed content error for the most popular CMS. You can find them here:
If you are using a different CMS or have a custom-coded website, proceed with the steps below:
Step 1 - Check the configuration file
If your website has a configuration file, start there - your website’s URLs (or default content URLs) may be added there using the HTTP protocol:
In that case, simply replace http with https.
Step 2 - Check the source code file
If you are a website developer, and the mixed content issue is visible on specific pages only, the Why No Padlock tool can help you easily detect which pages have mixed content issues.
Once you have found the page, open the page file using the File Manager and search by “http://”. Most likely, you will find the content in question:
Before replacing http with https for these URLs, make sure that the content is available using a secured connection - open the URL and change HTTP to HTTPS in the browser address bar.
If the content is available - you can safely update the URL on your source file
If the content is not available, you can either replace it with another content available via HTTPS or host the content directly on your website. Alternatively, you can remove the content
Step 3 - Add a redirect rule to .htaccess
If the error persists after checking the configuration file and source code, you can add the following code to your website's .htaccess file:
Header always set Content-Security-Policy: upgrade-insecure-requests
Save the changes and visit your website from an incognito window - it should load fully secured 💪
This option is not recommended if your website uses symlinks
If your website does not have an .htaccess file, you can create it