← Back to glossary

🧩

Mixed Content

Web Security

TLS (Transport Layer Security) HTTPS Man‑in‑the‑Middle (MITM) Attack Security Headers

Secure origin embedding insecure subresources.

Definition

Mixed content occurs when an HTTPS document requests HTTP subresources. Active mixed content (scripts) can compromise the security of the page.

In plain English Secure origin embedding insecure subresources.

Why this matters

Why it matters: It weakens transport security guarantees and can enable MITM injection, tracking, or session compromise.

Example

Example: HTTP JavaScript loaded into an HTTPS checkout page.