Netsparker detected that active content was loaded over HTTP within an HTTPS page.
Active content is a resource that can run in the context of your page and can alter the entire page. If the HTTPS page includes active content such as scripts or stylesheets retrieved through regular, cleartext HTTP, then the connection is only partially encrypted. The unencrypted content is accessible to sniffers.
A man-in-the-middle attacker can intercept the request for the HTTP content and rewrite the response to include malicious code. Malicious active content can steal the user's credentials, acquire sensitive data about the user, or attempt to install malware on the user's system (by leveraging vulnerabilities in the browser or its plugins, for example), so the connection is no longer safeguarded.
A protocol-relative URL to load a stylesheet would look like
<link rel="stylesheet" href="//example.com/style.css"/>.
The same applies to scripts.
The browser will automatically add either "http:" or "https:" to the start of the URL, whichever is appropriate.
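The check described above, as an added example that is not part of the original Netsparker text: Python code that resolves each active-content reference the way a browser would and reports those that end up on cleartext HTTP. The host shop.example, the sample markup and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that pulls in active content (scripts, stylesheets, frames, plugins).
ACTIVE_SOURCES = {"script": "src", "iframe": "src", "embed": "src",
                  "object": "data", "link": "href"}

class MixedActiveContentFinder(HTMLParser):
    """Collects active-content references that resolve to cleartext HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, original reference, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = ACTIVE_SOURCES.get(tag)
        ref = attrs.get(attr) if attr else None
        if not ref:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return  # only stylesheets count as active content here
        # Resolve the way a browser would: "//host/x" and relative paths inherit
        # the page's scheme, so only an explicit "http:" ends up in cleartext.
        resolved = urljoin(self.page_url, ref.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, ref, resolved))

def find_mixed_active_content(page_url, html):
    """Return findings for an HTTPS page; an HTTP page has no mixed content."""
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedActiveContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from a real site.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/style.css"/>
<link rel="stylesheet" href="//example.com/style.css"/>
<script src="http://example.com/code.js"></script>
<script src="/js/local.js"></script>
<img src="http://example.com/logo.png">
</head></html>"""

if __name__ == "__main__":
    for tag, ref, resolved in find_mixed_active_content("https://shop.example/", SAMPLE):
        print(f"<{tag}> loads {resolved} over cleartext HTTP")
```

The protocol-relative stylesheet and the relative script are not reported because both resolve to https: on an HTTPS page, and the image is skipped because it is not active content.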