How to Check Website for Mixed Content with Netpeak SpiderUse Cases
When migrating to the secure HTTPS protocol or when starting the site on HTTPS, a warning message about the blocked loading of mixed content may appear on the page. Quite often, browsers block such pages due to insecure scripts, links, images, videos, etc. Mixed content is the reason for such a bump.
In this blog post, I'm going to tell you what mixed content is and how to get the handle of this problem.
1. What is Mixed Content?
Mixed content is partially unencrypted content. It occurs when initial HTML is loaded over HTTPS connection, but other resources (such as images, videos, stylesheets, etc.) are loaded over an insecure HTTP connection.
This is how a warning about insecure mixed content looks like in Google Chrome browser:
This is a notification about the page has been blocked:
Pages with insecure content can be changed on the script level, that's why attackers can intercept the user's credentials.
Sure thing, it hobbles the website's promotion.
Why it's important: Since February 2020 Chrome browser will start blocking mixed content. They advised transferring mixed content type to https:// to avoid blocking.
2. How to Detect Mixed Content on Your Website
The problem can be detected with the help of Chrome developers' tools, but it's time-consuming when it comes to big website audit – especially when you have hundreds of such websites.
Netpak Spider detects a mixed content issue in a blip of an eye. You just have to choose the ‘Outgoing Links’ parameter in the ‘Links’ group in a sidebar, put the initial URL and start crawling.
When the crawling is completed, you’ll see the results in the main table. If you checked many parameters as I did, you can filter the results by the ‘Mixed Content’ issue only. To do so, go to the ‘Issue’ report, find this nasty issue (in the ‘Warning’ block), click on it and the table will filter unnecessary results.
Regular expressions and the 'Scraping' feature in Netpeak Spider is another way to find mixed content on website pages for those who don't seek for easy solutions.
To detect mixed content scripts, we'll use the following expression: