For a server to serve a page securely all items, including graphics, must be accessed using the https:// protocol.

When a site doesn’t fully protect or secure all content, a browser will display a mixed-content warning. Mixed content occurs when a webpage containing a combination of both secure (HTTPS) and non-secure (HTTP) content is delivered over SSL to the browser.

Types of Mixed Content

There are two types of mixed content. The more dangerous one is mixed active content. This occurs when an HTTPS site loads a script file over HTTP. Loading a script over an insecure connection completely ruins the security of the current page. Web browsers generally block this type of mixed content completely.

The second type and the one that is more common is mixed passive content or “mixed display content.” This occurs when an HTTPS site loads for example an image or audio file over an HTTP connection. This type of content can’t really ruin the security of the page in the same way, so web browsers don’t react as strictly as they do for “active mixed content”.

Probably the most common cause of all mixed content warnings is when a site that is supposed to be secure is configured to pull images from an unsecured source.

https://www.whynopadlock.com/  is a service that scans your website for insecure items.