Mixed Content Checker
Find HTTP resources loaded by an HTTPS page.
Fetches the page HTML and checks linked resources for HTTP URLs.
What Is a Mixed Content Checker?
Mixed Content Checker scans an HTTPS page for resources that still load over plain HTTP. It simply means the web page you're visiting has been served securely (using "HTTPS") but is itself requesting some content (an image, for ex.) over non-secure connections ("HTTP").
What the Tool Checks
| Check | Why It Matters |
|---|---|
| Scripts and stylesheets | HTTP scripts and CSS are active mixed content and are commonly blocked by browsers. |
| Images and media | HTTP images or media can still weaken privacy and trigger browser warnings. |
| Frames and forms | HTTP frames and form actions can expose user data or break secure page behavior. |
| CSS URLs | Inline and linked CSS can reference insecure fonts, images, or other assets. |
How to Read the Results
If the result is Clean, no HTTP resources were detected in the scanned page resources.
If the result is Mixed, one or more HTTP resources were detected. Prioritize scripts, stylesheets, fonts, frames, forms, and CSS-loaded assets because browsers are more likely to block or downgrade trust for those.
Mixed content is usually fixed by changing resource URLs from http:// to https://, serving the asset from the same secure origin, or replacing the third-party dependency with one that supports HTTPS.
Frequently Asked Questions
Mixed content happens when an HTTPS page loads one or more subresources over plain HTTP. Browsers may block active mixed content and may warn users about insecure passive content.
The tool fetches the page HTML, extracts common resource URLs such as scripts, stylesheets, images, frames, media, forms, srcset values, inline CSS URLs, and a bounded set of linked stylesheet URLs.
Update HTTP resource URLs to HTTPS, host the resource on a secure origin, or remove the dependency. For third-party assets, use providers that support HTTPS.