DNS & Infrastructure

Mixed Content Errors: Why Your Shopify Store Shows 'Not Secure'

Fix mixed content warnings that make your Shopify store appear insecure to customers and hurt your conversion rate.

mixed content https ssl browser warnings shopify
Last updated

What is Mixed Content?

Mixed content occurs when a secure HTTPS page loads some resources (images, scripts, stylesheets) over insecure HTTP. Your page is technically secure, but the insecure resources create a vulnerability—and browsers warn your customers about it.

Even one HTTP image can trigger a warning, making your Shopify store appear untrustworthy.

Why Browsers Show Warnings

When browsers detect mixed content, they respond in two ways:

Passive Mixed Content

Images, videos, or audio loaded over HTTP. Most browsers load these but show a warning (broken padlock, “Not Secure” message).

Active Mixed Content

Scripts, stylesheets, or iframes loaded over HTTP. Browsers typically block these entirely because they can modify the page or steal data.

Both types damage customer trust. Shoppers see warnings and abandon their carts.

Impact on Customer Trust and Sales

Mixed content warnings directly hurt your Shopify store:

  • Trust destruction: “Not Secure” warnings scare customers away
  • Cart abandonment: Customers won’t enter payment info on “insecure” pages
  • SEO penalties: Google penalizes sites with mixed content
  • Brand damage: Technical problems make you look unprofessional
  • Conversion loss: Every warning is a potential lost sale

Finding Mixed Content Issues

Browser Developer Tools

  1. Open your store in Chrome
  2. Press F12 to open Developer Tools
  3. Click the Console tab
  4. Look for “Mixed Content” warnings
  5. The console shows exactly which resources are loading over HTTP

Online Scanners

Tools like WhyNoPadlock.com or JitBit’s SSL checker scan your pages and report mixed content issues.

Systematic Review

Check pages that frequently have issues:

  • Product pages with imported images
  • Blog posts with embedded media
  • Pages using third-party widgets
  • Custom theme modifications

Fixing Common Mixed Content Problems

Product Images from External Sources

If you imported product data with HTTP image URLs:

  1. Update image URLs to HTTPS (many servers support both)
  2. Re-upload images to Shopify’s servers
  3. Use find-and-replace in your product database

Custom Theme Code

Review your theme for hardcoded HTTP URLs:

  1. Search theme files for http://
  2. Replace with https:// or protocol-relative URLs (//)
  3. Test after each change

Third-Party Scripts

Widgets, chat tools, or analytics scripts loading over HTTP:

  1. Check if the provider offers HTTPS versions
  2. Update script URLs in your theme or app settings
  3. Contact the provider if no HTTPS option exists

Embedded Content

Blog posts, product descriptions, or pages with embedded HTTP content:

  1. Edit the content and update URLs
  2. Use relative URLs where possible
  3. For iframes, ensure the source supports HTTPS

Preventing Future Issues

Use Protocol-Relative URLs

Instead of http://example.com/image.jpg, use //example.com/image.jpg. The browser will use whatever protocol the page uses.

Host Assets on Shopify

Shopify’s CDN serves everything over HTTPS. Upload images to Shopify rather than linking to external servers.

Review New Integrations

Before adding new apps or widgets, verify they load all resources over HTTPS.

Regular Audits

Periodically scan your store for mixed content, especially after adding products or modifying the theme.

How Recon Helps

Recon monitors your store security by:

  • Scanning for mixed content issues across your pages
  • Alerting you when insecure resources are detected
  • Identifying specific URLs causing problems
  • Tracking fixes to ensure issues are resolved

FAQ

Q: My SSL certificate is valid—why am I still seeing warnings?

A: The SSL certificate encrypts the connection, but mixed content warnings are about resources loaded on the page. Even with a valid certificate, HTTP resources trigger warnings.

Q: Can a Shopify app cause mixed content?

A: Yes. Apps that inject scripts, widgets, or images may use HTTP if not properly configured. Check your installed apps if you can’t find the source of mixed content.

Q: Will fixing mixed content affect my SEO?

A: Positively. Fixing mixed content removes warnings, which improves user experience signals. Google also prefers fully secure sites, so fixing issues can help rankings.

Want us to monitor this for you?

Run a free brand security audit with Recon and see your vulnerabilities in minutes.

Run Free Audit

Related Articles

DNS Security for Shopify Merchants

Learn how DNS works and why proper configuration protects your Shopify store from impersonation attacks.

A Records and CNAME: Connecting Your Domain to Shopify

Learn the difference between A records and CNAME records and how to properly configure them for your Shopify store.

SSL Certificates: Securing Your Shopify Store's Connections

Understand SSL/TLS certificates, the padlock icon, and how secure connections protect your Shopify customers.

Back to Knowledge Base