Loading http content on https website

Question

I\'m thinking about my website architecture that\'s using https.. I now have a CDN server hosting images , css and more static files.

The website itself is using HTT

Answer 1

Yes.

If a page is loaded over HTTPS then every resource it uses should also be loaded over HTTPS.

Otherwise a man-in-the-middle could replace images with misleading ones (or ones that exploit buffer overflow issues in browsers to execute code) and scripts with ones that do different things (such as leak data to the third party).