[{"data":1,"prerenderedAt":222},["ShallowReactive",2],{"seo-features/mixed-content-monitoring":3},{"slug":4,"kind":5,"archetype":6,"cluster":7,"navGroup":8,"navLabel":9,"meta":10,"breadcrumbs":15,"hero":23,"sections":59},"features/mixed-content-monitoring","spoke","capability","features","monitoring","Mixed Content Monitoring",{"title":11,"description":12,"canonicalPath":13,"twitterCard":14},"Mixed Content Monitoring — Catch HTTP Resources on HTTPS Pages","SiteWatch detects mixed content automatically — scripts, images, stylesheets, and iframes loaded over HTTP on HTTPS pages. Find it before visitors see \"Not Secure\".","/features/mixed-content-monitoring","summary_large_image",[16,19,22],{"label":17,"href":18},"Home","/",{"label":20,"href":21},"Features","/features",{"label":9,"href":13},{"eyebrow":24,"headline":25,"intentStatement":26,"bullets":27,"primaryCta":37,"secondaryCta":40,"proofPanel":43},"Mixed Content Detection","Catch HTTP resources on HTTPS pages before visitors see \"Not Secure\"","A single HTTP image on an HTTPS page triggers a browser security warning. A HTTP script breaks the page entirely. Mixed content creeps in after CMS updates, plugin installs, and content editor mistakes — and your uptime monitor never fires. SiteWatch scans for mixed content across all 9 resource types on every check, automatically.",[28,31,34],{"icon":29,"text":30},"heroicons:shield-exclamation","9 resource types scanned: scripts, images, stylesheets, iframes, video, audio, objects, embeds, and media",{"icon":32,"text":33},"heroicons:exclamation-triangle","Active mixed content (scripts, iframes) flagged critical — browsers block these entirely",{"icon":35,"text":36},"heroicons:eye","Passive mixed content (images, stylesheets) flagged high — browsers show \"Not Secure\" warnings",{"label":38,"href":39},"Start monitoring for free","/#pricing",{"label":41,"href":42},"See security monitoring","/features/security-monitoring",{"type":44,"badgeLabel":45,"checks":46},"trust-shield","Mixed Content Check",[47,50,52,54,57],{"label":48,"passed":49},"HTTP scripts — blocked by browser",false,{"label":51,"passed":49},"HTTP images — security warning",{"label":53,"passed":49},"HTTP stylesheets detected",{"label":55,"passed":56},"HTTPS fonts — clean",true,{"label":58,"passed":56},"HTTPS iframes — clean",[60,89,103,124,150,170,194,202],{"id":61,"tocLabel":62,"type":63,"eyebrow":62,"heading":64,"items":65},"benefits","Why it matters","benefits-grid","Mixed content is the silent cause of \"Not Secure\" browser warnings",[66,70,74,78,82,85],{"icon":67,"title":68,"description":69},"heroicons:lock-open","The padlock disappears","When an HTTPS page loads any HTTP resource, browsers remove the padlock icon or show a security warning. Visitors see \"Not Secure\" — and trust evaporates. SiteWatch finds mixed content before your clients' visitors do.",{"icon":71,"title":72,"description":73},"heroicons:code-bracket","Active content breaks pages","HTTP scripts, iframes, objects, and embeds are blocked entirely by modern browsers. A single HTTP analytics tag or chat widget can silently break page functionality while your server returns 200 OK and uptime stays green.",{"icon":75,"title":76,"description":77},"heroicons:photo","Passive content triggers warnings","HTTP images, stylesheets, video, and audio are still loaded by browsers — but with a visible security warning. Your HTTPS site looks insecure even though the page renders. Clients notice. Their customers notice.",{"icon":79,"title":80,"description":81},"heroicons:arrow-path","It appears after every CMS update","Mixed content is rarely there at launch — it creeps in after plugin installs, theme updates, and migrations from HTTP to HTTPS. SiteWatch checks continuously so you catch it the moment it appears, not in a client complaint.",{"icon":29,"title":83,"description":84},"HTTPS alone is not enough","Having a valid SSL certificate doesn't protect you from mixed content. Certificate monitoring catches expiry — mixed content monitoring catches what happens inside the page. Together they give you complete HTTPS health coverage.",{"icon":86,"title":87,"description":88},"heroicons:building-office-2","Agencies discover this from clients","Without continuous monitoring, agencies find mixed content via client complaints — \"why does my site say Not Secure?\" SiteWatch makes it automatic: you know before they do, with evidence of exactly which resources are the problem.",{"id":90,"tocLabel":91,"type":92,"stats":93},"trust","Coverage","trust-strip",[94,97,100],{"value":95,"label":96},"9","Resource types scanned",{"value":98,"label":99},"Every check","Detection frequency",{"value":101,"label":102},"All plans","Included on",{"id":104,"tocLabel":105,"type":106,"eyebrow":107,"heading":108,"groups":109},"detection","What we detect","detection-list-grouped","Detection coverage","Every mixed content type. Every check. No configuration.",[110,117],{"groupLabel":111,"icon":112,"items":113},"Critical — browsers block these","heroicons:x-circle",[114,115,116],"HTTP scripts — JavaScript files over HTTP are blocked entirely by modern browsers. Any script running over HTTP on an HTTPS page fails silently or breaks functionality outright.","HTTP iframes — Embedded pages over HTTP are blocked. Login forms, payment widgets, and embedded tools stop working.","HTTP objects and embeds — Plugins and embedded content served over HTTP are blocked. PDF viewers, media players, and embeds fail without warning.",{"groupLabel":118,"icon":32,"items":119},"High — browsers warn and still load",[120,121,122,123],"HTTP images — Photos, logos, and product images served over HTTP trigger the \"Not Secure\" indicator even though the image loads. The padlock disappears.","HTTP stylesheets — CSS files over HTTP trigger security warnings and may be blocked in strict configurations. Unstyled or partially broken layouts result.","HTTP video and audio — Media files over HTTP trigger mixed content warnings. The media may play, but the security indicator is broken.","HTTP media sources — Source, track, and srcset attributes pointing to HTTP URLs in video and audio elements.",{"id":125,"tocLabel":126,"type":127,"eyebrow":126,"heading":128,"bgVariant":129,"steps":130},"how-it-works","How it works","how-it-works-stepper","Automatic detection on every check — zero configuration","muted",[131,136,141,145],{"number":132,"icon":133,"title":134,"description":135},"01","heroicons:globe-alt","Page fetched on schedule","SiteWatch fetches your HTTPS page on its normal monitoring schedule. Mixed content detection is built into every integrity check — no separate scan, no extra setup.",{"number":137,"icon":138,"title":139,"description":140},"02","heroicons:magnifying-glass","All resource references inspected","Every resource on the page is inspected: src, href, srcset, and inline styles. HTTP URLs on an HTTPS page are flagged by type and severity.",{"number":142,"icon":32,"title":143,"description":144},"03","Severity determined automatically","Active mixed content (scripts, iframes, objects, embeds) generates a Critical incident — browsers block these. Passive content (images, stylesheets, media) generates a High incident — browsers warn but load them.",{"number":146,"icon":147,"title":148,"description":149},"04","heroicons:bell-alert","Incident created with evidence","An incident is created listing each HTTP resource found, its type, and its URL. The evidence table is the audit report — forward it directly to whoever manages the site.",{"id":151,"tocLabel":152,"type":63,"eyebrow":153,"heading":154,"items":155},"security-stack","Full HTTPS health","Complete HTTPS coverage","SiteWatch monitors every layer of your HTTPS security",[156,161,166],{"icon":157,"title":158,"description":159,"linkLabel":158,"linkHref":160},"heroicons:lock-closed","SSL certificate monitoring","Expiry warnings, full chain validation, and TLS protocol checks. SiteWatch monitors every certificate continuously — 30-day early warning so no client site ever expires silently.","/features/ssl-certificate-monitoring",{"icon":162,"title":163,"description":164,"linkLabel":165,"linkHref":42},"heroicons:shield-check","Security header monitoring & regression","CSP, HSTS, X-Frame-Options, and more — checked on every scan. SiteWatch also detects security header regressions: if a deployment removes a header that was previously present, you get a high-severity alert within the hour.","Security header monitoring",{"icon":133,"title":167,"description":168,"linkLabel":167,"linkHref":169},"Domain expiry monitoring","Domain registration expiry tracked automatically via RDAP for every monitored site. 30-day early warning before a client domain lapses — no WHOIS tools, no calendar reminders.","/features/domain-expiry-monitoring",{"id":171,"tocLabel":172,"type":173,"eyebrow":172,"heading":174,"items":175},"faq","FAQ","faq-accordion","Frequently asked questions",[176,179,182,185,188,191],{"question":177,"answer":178},"What is mixed content?","Mixed content occurs when an HTTPS page loads resources (scripts, images, stylesheets, iframes, media) over HTTP rather than HTTPS. Browsers flag these as insecure. Active mixed content (scripts, iframes) is blocked entirely by modern browsers. Passive mixed content (images, media) is loaded but triggers visible security warnings — the padlock icon disappears or shows a warning indicator.",{"question":180,"answer":181},"Why does my HTTPS site still show mixed content warnings?","Having a valid SSL certificate doesn't prevent mixed content. The certificate secures the connection between your server and the browser. If your page references any resource over HTTP — a plugin loading a script, a content editor pasting an image URL, a theme hardcoding HTTP paths — browsers will flag it. Mixed content is the most common reason an HTTPS site shows \"Not Secure.\"",{"question":183,"answer":184},"What resource types does SiteWatch scan?","SiteWatch scans 9 resource types: scripts, images, stylesheets, iframes, video, audio, objects, embeds, and media sources (including srcset and track references). Active content types (scripts, iframes, objects, embeds) generate Critical incidents. Passive content types (images, stylesheets, video, audio) generate High incidents.",{"question":186,"answer":187},"Is this different from SSL certificate monitoring?","Yes. SSL monitoring checks whether your certificate is valid and when it expires. Mixed content monitoring checks whether your page content is actually served securely. A site can have a perfectly valid SSL certificate and still show \"Not Secure\" warnings if any page resource loads over HTTP. You need both for complete HTTPS coverage.",{"question":189,"answer":190},"Do I need to configure anything?","No. Mixed content detection runs automatically on every integrity check. There is nothing to enable, no scanning schedule to set up. If you are monitoring a site with SiteWatch, mixed content detection is already running.",{"question":192,"answer":193},"Which plans include mixed content detection?","All plans — Free, Starter, and Pro. Mixed content detection runs on every site you monitor, from your first free site to your full Pro portfolio.",{"id":195,"tocLabel":196,"type":197,"heading":198,"subtext":199,"primaryLabel":200,"primaryHref":201},"cta","Get started","cta-strip","Find mixed content before your clients' visitors do","Free plan. 1 site. Automatic detection. No credit card.","Start monitoring","https://app.getsitewatch.com",{"id":203,"tocLabel":204,"type":205,"eyebrow":206,"heading":207,"links":208},"related","Related","related-links-grid","Explore more","Related monitoring capabilities",[209,212,215,218],{"label":210,"href":42,"description":211,"icon":162},"Security Header Monitoring","CSP, HSTS, X-Frame-Options, and regression alerts — continuous security posture monitoring.",{"label":213,"href":160,"description":214,"icon":157},"SSL Certificate Monitoring","Continuous SSL expiry tracking, chain validation, and TLS cipher checks.",{"label":216,"href":169,"description":217,"icon":133},"Domain Expiry Monitoring","Domain registration expiry tracked automatically — 30-day early warning.",{"label":219,"href":220,"description":221,"icon":71},"Broken Assets Monitoring","/features/broken-assets-monitoring","Detect broken JS, CSS, images, and fonts on every check.",1777231446559]