Mixed content is simply when a site is loaded over a secure HTTPS connection, but requests resources such as images, videos, stylesheets, or scripts that are loaded over an insecure HTTP connection.
If you’ve already added an SSL certificate and ensured the site is loading over HTTPS but your site is still not secure you most likely have mixed content on the site. Modern browsers will usually either:
1) Block the content from loading, this often occurs with scripts. This prevents the site from loading securely, you may even see a red padlock.
2) Show insecure warnings and indicate to the user that the page they’re requesting has insecure content.
When visiting a webpage over HTTPS in Google Chrome, the browser alerts you to mixed content as errors and warnings in the JavaScript console. You can view mixed content in Chrome by selecting F12 on your keyboard or right-clicking and selecting ‘Inspect’.
A good tool to help identify mixed content is the Why No Padlock? tool.