1. Put this page under https domain
2. This page html head tag contains following code
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
3. Add a http hosted image with code here
<img width="50%" src="http://static.junhuih.com/https-test/NowYouSeeMe.jpg" />
There is an image in blow, but browser will block it, and in this case, there is no any alert on the browser gui
Open your browser developer tools, you will see following in your console
Mixed Content: The page at 'https://junhuih.com/pages/https-test/csp-block-all-mixed-content-test.html' was loaded over HTTPS,
but requested an insecure image 'http://static.junhuih.com/https-test/NowYouSeeMe.jpg'.
This request has been blocked; the content must be served over HTTPS.