We need mixed content warnings, where the Domain has a valid SSL Certificate but URLs are listed in the database via http://
As a first pass would a keyword match on ‘http://‘ work? JS loaded assets wouldn’t be caught though.