Currawong Web
Website guides for local business
Free website check →

Photos missing on phones? The http:// mixed-content problem explained

Mixed content is what happens when a secure https page still pulls some of its files — images, scripts, stylesheets — over insecure http. Browsers do not show an error; they just quietly refuse to load those files.

The result is surreal: the site looks fine on the old office PC where it was built, while phone visitors see grey boxes where the photos of your freshly renovated rooms should be.

Why it costs you customers

You paid for those photos and that design; blocked files mean some visitors never see them.

It usually appears after a site is switched to HTTPS without updating old file links — so it disproportionately hits exactly the owners who did the right thing and got a certificate.

Check it in 30 seconds

Open the site on a phone with fresh eyes: any images missing that you know exist?

Our free check counts resources still requested over http:// on your page.

How to fix it

The pattern to hunt

Anywhere your page references http://yourdomain… or http://anything — in image sources, stylesheets, embeds — change it to https:// (or a relative path like /images/photo.jpg).

WordPress shortcut

The Better Search Replace plugin swaps http://yourdomain for https://yourdomain across the whole database in one pass. Back up first; it takes minutes.

Old embeds

Ancient YouTube embeds, map widgets and font links are frequent offenders. Re-grab the embed code from the source — modern embeds are https by default.

From our own site checks

One stubborn http:// logo is worth chasing: a single blocked file can also kill the padlock icon on some browsers, undoing the trust you bought with the certificate. The page is either all-secure or it isn't.

Wondering what else your site is quietly costing you?

Run our free 20-point health check — it tests this and 19 other things in about ten seconds. No signup, nothing stored.

Run the free check See our work