HTTP
Mixed Content Checker
Find HTTP resources on HTTPS pages. Paste HTML, scan for insecure scripts, images, styles.
View page source (Ctrl+U) and paste. Scans img, script, link, iframe, embed, url().
How to use
- Enter a domain, URL, or value relevant to Mixed Content Checker.
- Run the check and review the output carefully.
- Apply recommended fixes, then run the check again to verify.
Common use cases
- Pre-deployment validation for Mixed Content Checker.
- Incident triage when security checks fail in production.
- Periodic security review as part of technical SEO and hardening.
Example inputs
<script src="http://cdn.example.com/lib.js"></script>Common issues and fixes
HTTP script on HTTPS page
Browsers block mixed scripts. Replace http:// with https:// or protocol-relative //.
HTTP images or styles
Some browsers allow mixed passive content but warn. Fix all resources to HTTPS.
Hardcoded http:// URLs
Use relative URLs or // to inherit protocol. Avoid absolute http://.
Recommended remediation
Replace all http:// with https://. Use protocol-relative // or relative paths. Enable HSTS to prevent downgrades.
FAQ
Is Mixed Content Checker free to use?
Yes. This tool is free and can be used without account registration.
Do you store submitted values?
Only the minimum processing needed for the check. For client-side tools, data stays in your browser.
How should I use these results?
Use the output as a diagnostic baseline, apply fixes in your stack, then re-run the check to confirm remediation.
Related security tools
HTTP Header Analyzer
Analyze HTTP response headers and check security headers like CSP, HSTS, X-Frame-Options.
HSTS Checker
Check Strict-Transport-Security header. Verify max-age, includeSubDomains, preload.
CSP Checker
Check Content-Security-Policy. Parse directives, detect unsafe-inline, unsafe-eval.
HTTP to HTTPS Redirect Checker
Check if site redirects HTTP to HTTPS. Redirect chain. HSTS preload requirement.