How to Check Your Website for Mixed Content

Mixed content is one of the lesser-known threats to the security of your website. In this article, we show you how you can find and fix it.

Screenshot of the mixed content checker in Semonto

What is mixed content?

Mixed content is when your website is loading over a secure HTTPS connection but you are also using resources from an unsecured source (like images or videos over an HTTP connection). You are mixing up HTTPS and HTTP, hence the name: mixed content. Mixed content undermines the security provided by the HTTPS certificate and will mark your website as unsafe in browsers.

Is mixed content bad?

Absolutely. When unsafe content is loaded, the HTTPS principles are not applied for these resources. As a result, the data of your visitors can be leaked. While this may be harmless for static data like images, it can be dangerous for resources like JavaScript or CSS files that allow an attacker to change your website's content. Mixed content can also harm your online reputation. Visitors will see the mixed content warning and may start to doubt whether your website is trustworthy.

Scanning for mixed content with Semonto

If you are monitoring a website with Semonto, mixed content monitoring is enabled by default. So you do not have to do anything special to activate this test. If you have not yet created a monitor in Semonto, go to the dashboard and select ‘Add a website’.

Once you have entered a URL, Semonto will start scanning the website for mixed content. This may take a while, so no need to keep this page open. You will receive a mail with the results if any mixed content was detected.

Interpreting the results

If Semonto found mixed content, you receive a notification by mail. It looks something like this:

Example email when mixed content is found

The overview will mention the location of the mixed content (starting with https) and the non-secure source it is pulled from (starting with http). The mail will show you a selection.

  • To see the full results, log into the Semonto dashboard and go to the monitor overview.
  • Select ‘Mixed Content’ in the left menu.
  • Click on the URL you want to see the results for.
Screenshot of the broken link checker in Semonto
  • You will then see the full list of mixed content locations. Fix the issues by removing or replacing the non-secure elements. If you have any questions about this, feel free to contact us.
  • You can also download the results in CSV, Excel or JSON format.

Adjust the crawling speed

To detect broken links or mixed content, Semonto uses a crawler that fully crawls, reads, and searches all pages of your website. We do this at a specific rate to ensure we don’t impact your website by performing too many requests. A high crawling speed could result in a slower website, but crawling too slowly might cause you to miss some incidents.

In some cases, you may want to decrease the crawling speed. For example, when your website is handling a spike of traffic.

How it works

  • In Semonto, go to your monitor.
  • Go to the Broken Links (or Mixed Content) section.
  • Hit the settings.
  • Select a slower or higher rate limit. This reduces or increases the number of requests per second that Semonto can make to your server while scanning for broken links.
Crawler rate limit in Semonto

FAQ

Does Semonto check every page on my website for mixed content?

The number of URLs that Semonto can check for you is linked to your subscription. If you have exceeded the number of allowed URLs, a message will appear on your dashboard. You can then easily upgrade your account to a subscription that better fits your needs.

Can I download a report or share the results with my team?

Yes, you receive a detailed overview of all the mixed content we have found on your website. You can download the list in an Excel, CSV or JSON format to share the results with your team members.

How often does Semonto check my website for mixed content?

When mixed content monitoring is enabled, Semonto automatically checks your website for mixed content several times a week.

Can I retest after I have fixed the issue?

Right now, you cannot request a quicker retest in between scheduled tests, but this is something that we are working on. We will inform you as soon as this becomes available.

Need any help?

Read more about mixed content on our feature page. Do not hesitate to reach out if you need any help getting started. We are more than happy to assist you.