Netsparker detected a mixed content loaded over HTTP within an HTTPS page.
If the HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted. The unencrypted content is accessible to sniffers.
Last but not least, you can use "protocol relative URLs" to have the user's browser automatically choose HTTP or HTTPS as appropriate, depending on which protocol the user is connected with. For example;
a protocol relative URL to load an image would look like <img src="//example.com/image.png">. The browser will automatically add either "http:" or "https:" to the start of the URL, whichever is appropriate.