Fix mixed content

We all know browsers are notifiing clients of none secure connection, they also alert when there is mix content of secure and none secure objects on the same page. we will list here the simplest yet most efective way to fix that issue with and without modifying the pages.

Server side settings :

On the server side you should set to respond with the header that will tell the browser to send all requests over secure connection eg. TLS

Content-Security-Policy: upgrade-insecure-requests

Web page setting :

You can also set the same header to get called from within the HTML page itself by placing a META tag at the header of the pages

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">