Mixed Content

The mixed content endpoint returns all insecure resources detected on a monitor with the mixed content check enabled. Mixed content occurs when an HTTPS page loads resources over HTTP.

You'll need a monitor ID for this endpoint.

Example request:

$ OHDEAR_TOKEN="your API token"
$ curl https://ohdear.app/api/mixed-content/1 \
    -H "Authorization: Bearer $OHDEAR_TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json'

All endpoints below follow the same authentication pattern.

Get mixed content for a monitor #

GET /api/mixed-content/{monitorId}

Returns all mixed content items from the latest completed crawl run. You can also fetch results from a specific past run by passing run_id (see check history).

Query parameters:

• run_id (integer, optional) -- return results from a specific run instead of the latest. Get run IDs from the check history endpoint.

Here's what the response looks like:

{
  "data": [
    {
      "element_name": "img",
      "mixed_content_url": "http://example.com/image.jpg",
      "found_on_url": "https://example.com"
    }
  ],
  "meta": {
    "run_id": 98765,
    "run_started_at": "2026-03-17T00:30:00+00:00",
    "run_ended_at": "2026-03-17T00:53:58+00:00"
  }
}

• element_name: the HTML element that loads the insecure resource (e.g., img, script, link)
• mixed_content_url: the http:// URL being loaded on an https:// page
• found_on_url: the page where the mixed content was detected

The meta object contains information about which run the results come from:

• run_id: the ID of the run
• run_started_at: when the run started (ISO 8601, UTC), or null
• run_ended_at: when the run completed (ISO 8601, UTC)