Mixed Content warning: request an insecure element was automatically upgraded to HTTPS

After applied SSL settings to enforce HTTPS browser starts complaining "Mixed Content: ..." as the image shown bellow.

"Mixed Content" warnings occur when an HTTPS page is asked to load a resource over HTTP. Insecure resources are vulnerable to alteration by an active attacker or eavesdropping by a passive attacker, which violates the user's expectation of security for an HTTPS page. Ref: Fixing mixed content for more information.

Fix:

Change all insured links with "http://" to "https://" on the page. This could a tough work and time consuming. The following is a hot fix, it works very well for me.

Hot fix:

Add meta content in html head section to allow browser automatically upgrade http to https, ensure loading contents through SSL layer.

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

Author: IT Team