Track Insecure External Assets with Event Log Files

The new Insecure External Assets event type tracks external assets accessed over the insecure HTTP protocol. The event lists all your Salesforce pages that contain insecure assets hosted on third-party sites that your users loaded with the Chrome, Firefox, Microsoft Edge, or Safari browser. Assets over HTTP can be manipulated through man-in-the-middle and other types of attacks. The attacks can trick users into sending their Salesforce credentials to malicious sites. We recommend that you change the insecure URLs from HTTP to HTTPS.
Available in: Enterprise, Performance, Unlimited, and Developer Editions

The Insecure External Assets event type is available in supported Salesforce editions at no additional cost, along with the Login and Logout event types.