How to Check Website for Mixed Content with Netpeak SpiderUse Cases
When migrating to the secure HTTPS protocol or when starting the site on HTTPS, a warning message about the blocked loading of mixed content may appear on the page. Quite often, browsers block such pages due to insecure scripts, links, images, videos, etc. Mixed content is the reason for such a bump.
In this blog post, I'm going to tell you what mixed content is and how to get the handle of this problem.
1. What is Mixed Content?
Mixed content is partially unencrypted content. It occurs when initial HTML is loaded over HTTPS connection, but other resources (such as images, videos, stylesheets, etc.) are loaded over an insecure HTTP connection.
This is how a warning about insecure mixed content looks like in Google Chrome browser:
This is a notification about the page has been blocked:
Pages with insecure content can be changed on the script level, that's why attackers can intercept the user's credentials.
Sure thing, it hobbles the website's promotion.
Why it's important: Since February 2020 Chrome browser will start blocking mixed content. They advised transferring mixed content type to https:// to avoid blocking.
2. How to Detect Mixed Content on Your Website
The problem can be detected with the help of Chrome developers' tools, but it's time-consuming when it comes to big website audit – especially when you have hundreds of such websites.
Regular expressions and the 'Scraping' feature in Netpeak Spider can become a solution.
To detect mixed content scripts, we'll use the following expression: