How to Check Website for Mixed Content with Netpeak Spider
Use Cases
When you migrate to the secure HTTPS protocol or launch an HTTPS website, you may encounter a warning about an insecure website connection. Often, browsers block such pages because of unsafe scripts. This is caused by the mixed content (also known as insecure content) present on a website.
What is insecure content in Chrome and other browsers? Read further to find this out, discover how to test such content, and get rid of such a problem completely.
What is insecure content?
Mixed content, also known as insecure, is partially unencrypted. It happens when the original HTML code loads through an HTTPS connection, but some elements (images, videos, stylesheets, etc.) load through an unsecured HTTP connection.
This is what the mixed content warning looks like in the Google Chrome browser:
This is the notification about the blocked page:
Pages with insecure content in Chrome and other browsers experience code modification. Therefore, sensitive user data on such pages can be exposed to cybersecurity threats.
Obviously, this hurts website promotion.
This is important because, in Chrome, mixed content has been blocked since February 2020. If you don't want to find out that your resources and content links are blocked, consider moving mixed content to https://.
How to find mixed content on the website with Netpeak Spider?
You can identify the mixed content using Chrome developer tools. However, it could be time-consuming to check big websites, especially if you have hundreds of them.
In this case, regular expressions and the Netpeak Spider's "Parsing" feature can be a better solution.
This command helps identify mixed content scripts:
(?i)(?:<script[^<>]*http:[^<>]*>(?:(?:(?!<\/script>)[\s\S])*(?:(?:(?!<\/script>)[\s\S])*<\/script>)|(?i)(?:<script[^<>]*>(?:(?!<\/script>)[\s\S])*http:(?:(?:(?!<\/script>)[\s\S])*<\/script>))
While this command allows you to find href links:
(?i)<a [^<>]*href="http:\/\/.{0,8}.DOMAIN[^<>]*>(?:(?!<\/a>)[\s\S])*<\/a>
You can also use this command to detect the rest of the mixed content containing URL, location, DOCTYPE, and other elements:
(?i)<(?!a )[^<>]*(?:src|href|content|location|url|origin)[="\(]{0,2}http:(?:(?!§)[^<>])*>>
To run the mixed content checker, launch Netpeak Spider's crawler and do the following:
1. Open Settings → Parsing. Copy the scripts above and name each of them.
2. Select the RegExp search type and the "All Source Code" area.
3. In the sidebar, tick only the essential settings and verify if the "Parsing" option is checked.
4. Insert the domain of a website where you want to run a mixed content check and click on the "Start" button.
5. When you're done analyzing, go to the "Reports" → "Parsing" tab and select "All Results." There, you can see if there are any unprotected scripts and elements on HTTPS protocol pages.
To learn more about parsing, check out our guide on scraping data from online stores using Netpeak Spider.
How to fix mixed content at the page?
How to fix mixed content issues in WordPress? The easiest option is to use Really Simple SSL — this is the build-in fixer that works as SSL mixed content checker and updates most content automatically. However, certain mixed content in WordPress cannot be fixed this way.
This is usually:
- Stylesheet links or JavaScript files that allow mixed content warnings due to the hardcoded HTTP links they contain
- Embedded images that have URLs from different domains without SSL certificates
- JavaScript or CSS files from other domains without an SSL certificate and links within these files
In this case, the easiest way to fix these issues would be to update to the Really Simple SSL Pro plugin.
If your website doesn't run on WordPress, you can process mixed content in the following steps.
Step 1: find the mixed content
If you see that the premium content cannot be played on this screen because it is not secure or a mixed content browser notification popping up, you need to open the source code of this page. Press CTRL+F in it and insert the "http://" text to identify the HTTP URLs that are the reason for your Chrome's insecure content issue.
Step 2: check if your resource has both HTTP and HTTPS version
This sometimes happens, and if that's the case, you don't need to make any changes yourself. Chrome auto-updates insecure websites to the HTTPS version so they will continue functioning.
However, chances are that you might not find the HTTPS version of your website. In this case, you might see the notification "Resource not available over HTTPS".
What else is usually present in the address bar if a site is not secure? If you use Chrome, you might see the "Certificate warning when attempting to view resources over HTTPS" notification. In this case, you'll have to migrate your website to HTTPS.
Step 3: move your website to HTTPS
How to do that? Start with adding the same resource but from a different host that provides the HTTPS version.
If you can download your external resource, do that, and then host it in your HTTPS server. If your resource isn't integral, exclude it from your website.
Step 4: update your source file
After uploading your resource to an HTTPS domain, copy its new HTTPS URL and update it in the source code.
Step 5: confirm that the issue is fixed
You can do this by refreshing your website on a potentially problematic page. If the issue is resolved, they will now load just fine.
Check URLs for SEO parameters with Netpeak Checker
Fixing mixed content issues will allow you to avoid checking if a site is down or flashes "insecure content" warnings again — at least for a while. However, to prevent this problem from happening again, you need to conduct regular SEO checks of your links.
Netpeak Checker is one of the best ways to do that. This free tool can be integrated with the top 25 SEO-related services, including Google Analytics, Ahrefs, and Serpstat. Such integration allows you to gather data on hundreds of essential parameters and efficiently run quick essential and in-depth site checks.
Try Netpeak Checker to see how easy your SEO checks can become!
Conclusion
Insecure images, links, and other mixed content types can make your website vulnerable and worsen its search engine ranking. To avoid this, you need to fix the insecure content issue as soon as you spot it. Follow the instructions from this article and use tools like Netpeak Spider to quickly spot and eliminate all the content that hinders your site's performance.
