According to our investigations, we found that Google could penalize those webpages with insecure internal links. That’s why it is essential to tackle this issue. There are several options to fix mixed content errors.
You can replace the HTTP protocol with a protocol relative URL like “//yourdomain.com/yourpage/” or a relative path like “/
Mixed content weakens HTTPS connections. Someone on the network can intercept an HTTP resource, read it, modify it or take control of it. This is called a man-in-the-middle attack.
For example, someone could take control of an IFRAME on a web page if the URL protocol of this IFRAME is HTTP even if the host page protocol is HTTPS.
On top of that, take into account that if every of the domain HTTP web pages redirects to their HTTPs version, if a link to an internal page starts with HTTP, it will first return a 301 redirect and then a 200 OK HTTP message, rather than an HTTP 200 message.
There are situations where HTTPS features internal links in HTTP on their web page. This means that a user who first visited an HTTPS page may then be “redirected” to HTTP after clicking on a link. For sure a redirection may
be in place at website level to redirect all HTTP requests to HTTPS, but this means that this particular link will first return a 301 redirect message rather than a 200 OK message.