Mixed Content Checker

Scan any HTTPS page for mixed content issues. Find HTTP resources (images, scripts, stylesheets, iframes) loaded on HTTPS pages that cause browser security warnings or get blocked entirely.

Url Required

HTTPS URL to scan for mixed content

Get an API key to automate this

Result

Code snippets

What this tool checks

Scans scripts, stylesheets, images, iframes, media, and embeds
Detects inline style url() references
Classifies severity: active (blocked) vs passive (warned)
Reports line numbers for each issue
Counts resources by type
Checks form actions for HTTP targets

Automate this with the API

Run this tool programmatically from your code. Get a free temporary API key with 20 requests/day — or register for 75 requests/day.

                    curl https://apixies.io/api/v1/check-mixed-content?url=... \
  -H "X-API-Key: YOUR_API_KEY"
                

Get Temporary API Key View API Documentation →

Frequently asked questions

What's the difference between active and passive mixed content?

Active mixed content (scripts, stylesheets, iframes) is blocked by browsers because it can modify the page. Passive mixed content (images, video, audio) shows a warning but may still load.

What if the page isn't HTTPS?

The tool reports that the page isn't served over HTTPS and notes that mixed content doesn't apply. Mixed content is only an issue when an HTTPS page loads HTTP resources.

Does it follow links to other pages?

No. It only scans the single URL you provide. It checks the HTML source for resource references but doesn't crawl to other pages.

Related tools

Free SSL Certificate Checker

Enter a domain to inspect its SSL/TLS certificate. You'll see the issuer, validity dates, days until expiry, protocol version, and whether the certificate chain is healthy. Useful for catching expiring certificates before they cause browser warnings.

Security Headers Checker

Paste a URL to analyze its HTTP security headers. The tool checks for Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and other headers that protect against common web attacks. You'll get a grade and a list of missing protections.

Free Email Validator

Enter an email address to validate it. The tool checks format syntax, resolves MX records to verify the domain accepts mail, detects disposable email services (like Mailinator), and flags role-based addresses (like info@ or admin@). Useful for cleaning mailing lists or validating form submissions.

Email Authentication Checker (SPF, DKIM, DMARC)

Enter a domain to check its email authentication configuration. The tool validates SPF records (who can send on your behalf), DKIM records (email signatures), and DMARC policies (what to do with unauthenticated mail). Misconfigured authentication is the top reason emails land in spam.

View all 49 tools →