Mixed content checker
Find everything your HTTPS page still loads over insecure http:// — the scripts and stylesheets browsers silently block, and the images that break your padlock. Paste a page, get the list.
One http:// URL is all it takes
A page is only as secure as its least secure part. Serve one script over plain HTTP and the browser blocks it completely — whatever that script did just stops, with nothing on the page to tell you. Serve one http:// image and the padlock your visitors look for quietly degrades to a warning.
The usual culprit isn't new code. It's a hardcoded URL from before the site had HTTPS — a logo, an old widget, an embed snippet from a tutorial — sitting in a template nobody has read in years.
Mixed content is one check. The free report runs them all.
Run the full scan free — security headers, TLS, cookies, DNS, exposed subdomains and more, graded A to F, with a plain-English fix for each finding.
Mixed content, answered
What is mixed content?
Why does my HTTPS site say “Not secure” or show a broken padlock?
What's the difference between active and passive mixed content?
How do I fix mixed content warnings?
Does mixed content hurt SEO?
Do browsers block mixed content?
one request to your page · nothing stored · checks the HTML we receive, not scripts that run afterwards