Mixed content is one of the lesser-known threats to the security of your website. In this article, we show you how you can find and fix it.
Mixed content is when your website is loading over a secure HTTPS connection but you are also using resources from an unsecured source (like images or videos over an HTTP connection). You are mixing up HTTPS and HTTP, hence the name: mixed content. Mixed content undermines the security provided by the HTTPS certificate and will mark your website as unsafe in browsers.
Absolutely. When unsafe content is loaded, the HTTPS principles are not applied for these resources. As a result, the data of your visitors can be leaked. While this may be harmless for static data like images, it can be dangerous for resources like JavaScript or CSS files that allow an attacker to change your website's content. Mixed content can also harm your online reputation. Visitors will see the mixed content warning and may start to doubt whether your website is trustworthy.
If you are monitoring a website with Semonto, mixed content monitoring is enabled by default. So you do not have to do anything special to activate this test. If you have not yet created a monitor in Semonto, go to the dashboard and select ‘Add a website’.
Once you have entered a URL, Semonto will start scanning the website for mixed content. This may take a while, so no need to keep this page open. You will receive a mail with the results if any mixed content was detected.
If Semonto found mixed content, you receive a notification by mail. It looks something like this:
The overview will mention the location of the mixed content (starting with https) and the non-secure source it is pulled from (starting with http). The mail will show you a selection.
To detect broken links or mixed content, Semonto uses a crawler that fully crawls, reads, and searches all pages of your website. We do this at a specific rate to ensure we don’t impact your website by performing too many requests. A high crawling speed could result in a slower website, but crawling too slowly might cause you to miss some incidents.
In some cases, you may want to decrease the crawling speed. For example, when your website is handling a spike of traffic.
The number of URLs that Semonto can check for you is linked to your subscription. If you have exceeded the number of allowed URLs, a message will appear on your dashboard. You can then easily upgrade your account to a subscription that better fits your needs.
Yes, you receive a detailed overview of all the mixed content we have found on your website. You can download the list in an Excel, CSV or JSON format to share the results with your team members.
When mixed content monitoring is enabled, Semonto automatically checks your website for mixed content several times a week.
Right now, you cannot request a quicker retest in between scheduled tests, but this is something that we are working on. We will inform you as soon as this becomes available.
Read more about mixed content on our feature page. Do not hesitate to reach out if you need any help getting started. We are more than happy to assist you.