HTTP Mixed Content
Description
This detector identifies mixed content vulnerabilities where HTTPS pages load resources (scripts, stylesheets, images, etc.) over insecure HTTP connections. Mixed content compromises the security of the entire page by allowing attackers to intercept or modify resources, potentially leading to data theft or code injection attacks.
Detection Strategy
• Only analyzes HTTPS pages (ignores HTTP pages entirely)
• Scans HTML content for specific tags that can load external resources (script, link, img, iframe, etc.)
• Identifies resource URLs that use the HTTP protocol instead of HTTPS
• Excludes localhost URLs from vulnerability reporting
• Reports the exact location in HTML where insecure HTTP resources are referenced
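A minimal sketch of the strategy above, added here as an illustration and not Fluid Attacks' detector code. The tag/attribute table, the loopback host set, the names `find_mixed_content` and `MixedContentFinder`, and the sample HTML are all assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed subset of tags/attributes that trigger a resource load.
RESOURCE_ATTRS = {
    "script": ("src",), "link": ("href",), "img": ("src",),
    "iframe": ("src",), "audio": ("src",), "video": ("src", "poster"),
    "source": ("src",), "embed": ("src",), "object": ("data",),
}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}  # assumed loopback names

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://cdn.example.com/site.css">
<script src="http://cdn.example.com/app.js"></script>
</head><body>
<img src="http://localhost:8080/logo.png">
<img src="/static/banner.png">
<iframe src="HTTP://ads.example.net/frame"></iframe>
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in RESOURCE_ATTRS.get(tag, ()) or not value:
                continue
            try:
                url = urlparse(value.strip())  # scheme is lowercased
            except ValueError:                 # malformed host, e.g. "http://[::1"
                continue
            if url.scheme != "http" or url.hostname in LOCAL_HOSTS:
                continue                       # https, relative, or localhost
            line, col = self.getpos()          # 1-based line, 0-based column
            self.findings.append({"line": line, "column": col, "tag": tag,
                                  "attr": name, "url": value.strip()})

def find_mixed_content(page_url, html):
    # Only HTTPS pages can have mixed content; HTTP pages are ignored.
    if urlparse(page_url).scheme != "https":
        return []
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    print(find_mixed_content("https://app.example.com/", SAMPLE_HTML))
```

Relative and protocol-relative (`//host/path`) URLs are skipped because they inherit the page's HTTPS scheme.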