Aller au contenu principal
stringer . network
Sign up
Free tool · Technical SEO

HTTPS Mixed Content Checker

Scan your HTTPS page for resources served over HTTP. One HTTP iframe is enough to break the padlock and erode user trust.

URL to scan

The URL must be HTTPS, mixed content only matters on a secured site.

Also worth exploring

All tools
robots.txt Multi-Bot Tester

Test your robots.txt against 18 user-agents: Googlebot, Bingbot, GPTBot, ClaudeBot, PerplexityBot, Applebot and other AI crawlers. Path × bot matrix.
hreflang Tester

Verify your hreflang tags: valid ISO codes, reciprocity between language versions, x-default, conformance with Google's recommendations.
HTTP Headers SEO Checker

Inspect HTTP response headers: x-robots-tag, cache-control, HSTS, link, vary, server. SEO + security annotations on impactful headers.
sitemap.xml Validator

Validate your sitemap.xml: structure, URL count, lastmod outliers, sitemap-index recursion. Conforms to sitemaps.org and Google.

Frequently asked questions

What is mixed content? +

A page served over HTTPS that loads resources (images, scripts, iframes, fonts) over HTTP. The browser shows a crossed-out padlock or a "not secure" warning, immediate loss of user trust. Worse, on modern Chrome, HTTP scripts and iframes are automatically blocked ("active mixed content"), which literally breaks the page.

Active vs passive mixed content? +

Active = scripts, iframes, XHR, WebSocket, resources that can modify the DOM. Blocked automatically by browsers since 2020. Passive = images, videos, audio, cannot run code but trigger the "not secure" warning. Chrome automatically upgrades HTTP images to HTTPS since Chrome 90, but that remains a fragile fallback.

How to fix? +

Three options. (1) Upgrade server-side, change URLs in your CMS to use https:// or relative URLs (//example.com/ or /path). (2) Content Security Policy, add upgrade-insecure-requests which forces the browser to try HTTPS. (3) If the resource is not available over HTTPS (rare in 2025), host it on your own server or replace it.

Is this tool complete? +

We scan static HTML for: img/script/link/iframe/video/audio/embed/object/source/form. We do not follow dynamic JS imports, runtime fetch() calls, WebSockets, or resources injected by an external script. For those, open DevTools → Security tab or Console, Chrome reports all mixed content actually loaded. This tool pre-flags obvious cases before a deploy.

Actually buying backlinks?

Our network catalog is browsable without signup. Publisher pricing shown, no commission, no middleman.

See the network All tools