Mixed content: a lesser-known threat to your website security

In a previous post, we already explained why it is crucial to secure your website with an HTTPS certificate. This certificate ensures that your connection is encrypted and nobody can infiltrate the communication between your server and the visitor of your site. But even with a valid HTTPS certificate, the security of your connection can still get compromised if you have mixed content on your website.

Kathy Salden 1 March 2021

What is mixed content?

Mixed content is when your website is loading over a secure HTTPS connection, while also pulling resources from an unsecured source (like images, audio files or videos over an HTTP connection). You are mixing up HTTPS and HTTP, hence the name: mixed content. Mixed content punches holes into the security provided by the HTTPS certificate.

How can you tell if you have mixed content on your website?

Most browsers notify users of mixed content through a warning. They will not show the trusted lock indicating the connection is secure. Often, browsers will not load content that they consider insecure. You end up with broken images or worse. And if the mixed content occurs on small subpages, they can remain unnoticed for a long time.

Is mixed content bad?

Absolutely. Mixed content can put the security and privacy of your visitor at risk. When unsafe content is loaded, the HTTPS principles are not applied for these resources. As a result, the data of your visitors can be leaked. While this may be harmless for static data like images, it can be dangerous for resources like JavaScript or CSS files that allow an attacker to change your website's content. Mixed content can also harm your online reputation. Visitors will see the mixed content warning and may start to doubt whether your website is trustworthy.

How can you get notified of mixed content immediately?

There are some mixed content checkers out there. The problem is that these tools and plugins only check your website once when you initiate the test. They will give you a snapshot of your website's current state, but they will not continue to watch it afterwards. If you want to prevent mixed content at all times, an automated mixed content monitor is crucial. And that is exactly what we added to Semonto. As a user of Semonto, this new feature is available to you automatically.

NEW: mixed content check in Semonto

For every URL you monitor in Semonto, you can now also activate mixed content monitoring. If Semonto finds any mixed content on your website, you receive a notification, so you can fix the issue before it becomes a security or reputation problem.

How to get started

Mixed content monitoring is available on every plan. You will see three monitor types for every URL in the dashboard: uptime, broken links and mixed content. You can activate or deactivate them with the toggle switch whenever you want. There is no additional charge for using these new monitoring options, but you do need a Semonto account. Create one here

Need any help?

If you need help setting up your mixed content monitor, feel free to reach out. We are here to help!

No credit card required. Cancel anytime. No automatic renewal after the trial.

Like what you read?

Subscribe to our newsletter and get our next blog posts straight into your inbox.

Our privacy policy.