How to Check Your Website for Mixed Content

Mixed content is one of the lesser-known threats to the security of your website. In this article, we show you how you can find and fix it.

Screenshot of the mixed content checker in Semonto

What is mixed content?

Mixed content is when your website is loading over a secure HTTPS connection but you are also using resources from an unsecured source (like images or videos over an HTTP connection). You are mixing up HTTPS and HTTP, hence the name: mixed content. Mixed content undermines the security provided by the HTTPS certificate and will mark your website as unsafe in browsers.

Is mixed content bad?

Absolutely. When unsafe content is loaded, the HTTPS principles are not applied for these resources. As a result, the data of your visitors can be leaked. While this may be harmless for static data like images, it can be dangerous for resources like JavaScript or CSS files that allow an attacker to change your website's content. Mixed content can also harm your online reputation. Visitors will see the mixed content warning and may start to doubt whether your website is trustworthy.

Enabling the mixed content monitor in Semonto

The mixed content monitor is not enabled by default, so you have to switch it on.

  • Log into your Semonto dashboard.
  • Click on ‘mixed content’ in the menu on the left.
  • Select an existing monitor from the list or create a new monitor for the URL you would like to test.
  • Enable mixed content monitoring with the toggle button.

Once you have enabled the test, Semonto will start scanning the website for mixed content. This may take a while, so no need to keep this page open. You will receive a mail with the results if any mixed content was detected.

Interpreting the results

If Semonto found mixed content, you receive a notification by mail. It looks something like this:

The overview will mention the location of the mixed content (starting with https) and the non-secure source it is pulled from (starting with http). The mail will show you a selection.

  • To see the full results, log into the Semonto dashboard and go to the monitor overview.
  • Select ‘Mixed Content’ in the left menu.
  • Click on the URL you want to see the results for.
  • You will then see the full list of mixed content locations. Fix the issues by removing or replacing the non-secure elements. If you have any questions about this, feel free to contact us.
  • You can also download the results in CSV, Excel or JSON format.

FAQ

Does Semonto check every page on my website for mixed content?

The number of URLs that Semonto can check for you is linked to your subscription. If you have exceeded the number of allowed URLs, a message will appear on your dashboard. You can then easily upgrade your account to a subscription that better fits your needs.

Can I download a report or share the results with my team?

Yes, you receive a detailed overview of all the mixed content we have found on your website. You can download the list in an Excel, CSV or JSON format to share the results with your team members.

How often does Semonto check my website for mixed content?

When mixed content monitoring is enabled, Semonto automatically checks your website for mixed content several times a week.

Can I retest after I have fixed the issue?

Right now, you cannot request a quicker retest in between scheduled tests, but this is something that we are working on. We will inform you as soon as this becomes available.

Need any help?

Read more about mixed content on our feature page. Do not hesitate to reach out if you need any help getting started. We are more than happy to assist you.