Finding Insecure Mixed Content on a Website in Google Chrome

From a security standpoint, there are three types of websites you will often come across in your web browser: insecure sites, secure sites and mixed-content sites. Insecure sites are served to you over an unencrypted HTTP connection. These sites do not require any secure connection because the information passing between you and the website is not sensitive. Secure sites are served to you over an encrypted HTTPS connection, because they often involve the transfer of sensitive data. Websites of your bank, online shopping sites, PayPal, etc. use a secure connection. A mixed-content website is a website that loads content both over a secure, encrypted HTTPS connection and over an insecure, unencrypted HTTP connection.

Security experts often warn about mixed-content websites because they can be used in man-in-the-middle attacks. An attacker can simply replace the content requested over the HTTP connection on a mixed-content site and monitor the sensitive data as well. This is why it is important to avoid entering any sensitive information on mixed-content sites.

If you are using the Chrome web browser, mixed content warnings may sometimes appear because an extension is injecting insecure HTTP content into all web pages. This type of mixed content warning can be ignored if the extension is from a safe source and designed by a reputed developer or company. It is very easy to find which of the elements on a mixed-content webpage are being loaded insecurely.

When you open a mixed content site in your Chrome browser, the first thing you notice is the warning icon in place of the favicon. This warning icon is how you know that something is wrong with the secure connection of this site and that it is loading mixed content.

To find which of the elements of that webpage are being loaded through insecure connections, open the browser console by pressing the hotkey Ctrl+Shift+J. This opens a small console near the bottom edge of the Chrome window.

You can click on the yellow warning icon in the console, which also shows the number of warnings. Among these warnings you will find the insecure content warnings for that webpage, along with complete details about which of the elements are loaded insecurely. You may also find other types of warnings, but those are unrelated to mixed content.

Conclusion: Chrome is one of the most secure web browsers in the world. It automatically blocks any active insecure content being loaded on a mixed-content site, but does not block insecure display content (like images). Using the browser console, you can easily find which of the elements on a mixed-content site are being loaded insecurely.
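
The console check and the active/display split described above can also be scripted. The following is an added example, not part of the original article: it lists every element on an HTTPS page that points at an `http://` URL and labels it the way the conclusion does. The function names, the tag grouping and the sample hosts are assumptions made for illustration.

```javascript
// Tags the article's conclusion calls "display" content (loaded with a warning).
// Anything else fetched over HTTP is treated as "active" content (blocked).
const DISPLAY_TAGS = new Set(["img", "audio", "video", "source"]);

// Pure classifier: pageUrl is the page address, resources is [{ tag, url }].
function findMixedContent(pageUrl, resources) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return []; // only HTTPS pages can be "mixed"
  const findings = [];
  for (const { tag, url } of resources) {
    let resolved;
    try {
      resolved = new URL(url, page); // handles relative and //host/path URLs
    } catch {
      continue; // skip URLs that do not parse
    }
    if (resolved.protocol !== "http:") continue; // https:, data: etc. are not flagged
    const kind = DISPLAY_TAGS.has(tag) ? "display" : "active";
    findings.push({ tag, url: resolved.href, kind });
  }
  return findings;
}

// Browser-only helper: gathers subresource URLs from the live DOM.
function collectResources(doc) {
  const selector =
    "script[src], link[rel~='stylesheet'][href], iframe[src], " +
    "img[src], audio[src], video[src], source[src]";
  return Array.from(doc.querySelectorAll(selector), (el) => ({
    tag: el.tagName.toLowerCase(),
    url: el.getAttribute("src") || el.getAttribute("href"),
  }));
}

// Constructed sample input (hypothetical hosts) for running outside a browser.
const SAMPLE_RESOURCES = [
  { tag: "script", url: "http://cdn.example/lib.js" },
  { tag: "script", url: "//cdn.example/app.js" },
  { tag: "img", url: "http://img.example/banner.png" },
  { tag: "img", url: "/static/logo.png" },
  { tag: "link", url: "https://cdn.example/site.css" },
];

if (typeof document !== "undefined") {
  console.table(findMixedContent(location.href, collectResources(document)));
} else {
  console.table(findMixedContent("https://shop.example/cart", SAMPLE_RESOURCES));
}
```

Pasted into the Chrome console, it scans the current page; run with Node, it scans the constructed sample. It only sees elements present in the DOM, so the console warnings remain the authoritative list.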