Loading CheckWebs…
Loading CheckWebs…
Security tool
Scan an HTTPS page for mixed content — insecure HTTP resources (images, scripts, stylesheets, iframes) that can compromise the security of the entire page.
What it checks
Find insecure HTTP resources on HTTPS pages.
Review the browser-visible signals that affect user trust and SEO.
Find missing headers, expired certificates, insecure assets, or weak redirects.
Map each finding to server, CDN, or application-level follow-up.
Methodology
Next steps
Interpretation
Use cases
Validate HTTPS, redirects, headers, and browser-facing security before launch.
Quickly confirm whether a warning is caused by TLS, mixed content, or headers.
Collect practical evidence before a security or privacy review.
Popular checks
Next paths
Use these pages when the result points to a broader check, a fix workflow, or a related technical question.
Fix workflows
Resolve expired SSL certificates and prevent HTTPS trust warnings from blocking users.
Open fix guideFix HTTP assets loaded on HTTPS pages to remove browser warnings and trust issues.
Open fix guideAdd HTTP Strict Transport Security safely after HTTPS is working across all hosts.
Open fix guideAdd a Content Security Policy without breaking scripts, styles, analytics, or checkout flows.
Open fix guideFrequently asked questions
No. Enter a URL or domain and run the check in your browser. Some results can be partial if the target site blocks requests or hides the data being checked.
The Mixed Content Scanner runs live checks against the target website. Results reflect what was reachable at the time of the test, so retest after changing DNS, redirects, headers, or page content.
Mixed content occurs when an HTTPS page loads resources (images, scripts, stylesheets) over insecure HTTP. This can break browser security features and show warnings to users.
Update all resource URLs from http:// to https://, or use protocol-relative URLs (//). Most modern CDNs support HTTPS by default.