Mixed Content Tester

If your site is HTTPS but parts of the page still load over HTTP, browsers may block them — leading to broken layouts, missing images, scripts that don’t run, and security warnings. This tool finds the exact URLs causing the issue.

Single-page scan • Clear report • Export CSV/JSON

Common symptoms this tool helps with

Tip: Open your browser DevTools → Console and search for “mixed content”. This tool gives you the same insight in a clean list you can export.

Test a page

Enter a page URL (preferably HTTPS). We’ll fetch the HTML, locate resource links, and highlight anything loaded via HTTP. Optional: verify whether an HTTPS equivalent exists for each HTTP asset.

How to fix mixed content (quick checklist)

  • Replace hardcoded http:// asset URLs with https:// where supported.
  • Update CDN endpoints to HTTPS and ensure valid certificates.
  • Check theme/plugins for old links (common after migrations).
  • Fix forms: ensure action URLs are HTTPS.
  • Review embedded widgets (chat, analytics, iframes) for HTTP references.
  • Use relative URLs for same-domain assets where possible.

What this tool checks (and what it can miss)

This tool analyses the server-delivered HTML and common places assets are referenced (script/link/img/iframe/etc). If your site injects assets via JavaScript after page load, you may need to also inspect the Network tab or the rendered DOM.

Safety & scope

For safety, private/internal targets are blocked (SSRF protection). This tool scans one page URL at a time and does not crawl your website.

Related tools

If you’re working with streaming playlists too: M3U Online Player M3U Playlist Checker & CleanerM3U URL → TXT Converter

FAQ

Does mixed content always break a page?
Not always — but it can. “Active” mixed content (scripts/iframes) is often blocked. “Passive” mixed content (images) may load with warnings depending on browser rules.

What’s the fastest fix for WordPress sites?
Update site URLs to HTTPS, replace old HTTP URLs in theme/plugin settings, and check your database for hardcoded http:// references.

Can I just enable an automatic “force HTTPS” rule?
It can help, but it won’t fix third-party assets that don’t support HTTPS. Always update the source URL where possible.

Why does the final URL differ from what I entered?
Redirects are common (http→https, www/non-www). The report shows the final resolved URL so you can match what browsers actually load.

Why don’t I see every request my browser shows?
Some requests are created after page load by JavaScript. This tool scans server HTML, which is the most reliable starting point for permanent fixes.

Will this detect inline CSS background images?
Yes — it scans for CSS url(...) references in the HTML.