Skip to content
Pricing RU Sign In
RU

🔒 Mixed Content Checker

Find HTTP resources loaded on an HTTPS page — scripts, styles, images, iframes. Fix the browser security warning.

TL;DR:

Mixed Content Scanner checks an HTTPS site for HTTP resource loading (images, iframes, scripts). Chrome blocks active mixed content entirely; passive triggers a warning. The tool lists every problem URL + upgrade-insecure-requests recommendations.

Save & track URLs you check Free account · 24/7 checks · alerts via Telegram, email, Slack — sign up to monitor any URL you test here.
Free Sign Up
HTTP on HTTPS SiteResources over insecure protocol
Active ContentJS/CSS blocked by the browser
Passive ContentImages with security warning
Page ResourcesAll external resources checked

Why teams trust us

HTTP
mixed content detection
HTTPS
security check
CSS/JS
all resource types
Free
no limits

How it works

1

Enter page URL

2

Scan all resources

3

Find HTTP resources on HTTPS

What is Mixed Content?

Mixed Content is loading HTTP resources (images, scripts, CSS) on an HTTPS page. Browsers block active mixed content (JS, CSS) and warn about passive (images).

Resource Scanning

Find all HTTP resources on the page: scripts, styles, images, frames.

Threat Classification

Divide into active (critical) and passive (non-critical) mixed content.

Problem URL List

Each HTTP resource listed with type and fix recommendation.

Fast Check

Results in seconds — we check the page without full browser rendering.

Who uses this

Security

post-HTTPS migration audit

Developers

insecure resource detection

SEO

browser warning fixes

Sysadmins

third-party resource audit

Common Mistakes

Ignoring passive mixed contentHTTP images aren't blocked, but the browser shows a warning in the address bar.
Not checking after adding JSThird-party scripts may load HTTP resources. Check after connecting them.
Using absolute HTTP URLsUse relative URLs or // scheme everywhere to adapt to protocol.
Not configuring CSPContent-Security-Policy: upgrade-insecure-requests automatically upgrades HTTP to HTTPS.

Best Practices

Use <code>upgrade-insecure-requests</code>CSP directive automatically upgrades all HTTP resources to HTTPS.
Check on deployInclude mixed content check in your CI/CD pipeline.
Use relative URLssrc="/images/logo.png" instead of src="http://example.com/images/logo.png".
Monitor third-party widgetsSocial media widgets and ad systems are a frequent source of mixed content.

Get more with a free account

Mixed content check history and HTTPS security monitoring.

Sign up free

What is Mixed Content?

Mixed content occurs when an HTTPS webpage loads resources (scripts, images, stylesheets) over HTTP. Browsers block active mixed content (scripts, iframes) and warn about passive mixed content (images, audio, video). This tool scans the page source and identifies all HTTP resources that could trigger browser warnings or be silently blocked.

Related tools

SSL CheckSecurity CheckRedirectsPageSpeed

Learn more

How-to

Related guides

Longer-form reading on this topic from the knowledge base.

Automate this check

Set up continuous monitoring and get an alert when something breaks. No manual runs to remember.

Start free

Related Articles

HTTP

Server-Sent Events vs WebSockets: Choosing Real-Time Communication

9 min · Read → HTTP

HTTP 404 Not Found Error: 7 Causes and How to Fix

8 min · Read → HTTP

The Complete HTTP Request Lifecycle: From URL to Rendered Page

10 min · Read →
All articles →

Start monitoring for free

Sign up and get access to API, monitoring and notifications

Create Account API Documentation