This could be addressed in the browser itself
Why can't the browser itself alert the user when there is a mixture of TLS certicates from different domains on the same page? Most of them already alert if you visit a page where the TLS certificate subject name does not match the URL you have visited.