If you are running a secure website, it’s a good idea to prevent non-secure assets from being included on your page. This can often happen through the use of content management system, or even through website vulnerabilities. A simple change in HTTP headers will help browsers to defend against them.
Content-Security-Policy: block-all-mixed-content
Most modern browsers, except MSIE, currently support this approach.
– Firefox 48+
REFERENCES