Home All Checks Start Audit

Mixed Content Checker

Find resources loaded over insecure HTTP on your HTTPS page

Check Results

This only checks mixed content. For a comprehensive analysis, use the full page check.

You can also audit your entire site. Duplicate titles and descriptions, orphan pages, broken links between sections, and other site-wide issues can only be found with a full site audit.

If you don't have an SEO specialist, we can help fix the errors found.

Full Page Check Full Site Audit Fix Errors

What Is Mixed Content and Why It's Dangerous

Mixed content occurs when a page loaded over secure HTTPS contains resources requested over insecure HTTP. These can be images, scripts, styles, fonts, iframes, and other elements. This undermines the security of the entire page, as HTTP resources are transmitted without encryption and can be intercepted or tampered with by an attacker.

Types of Mixed Content

  • Passive (optionally-blockable) — images, video, audio. Browsers may load them with a warning, but the risk of tampering remains
  • Active (blockable) — scripts, styles, iframes, XMLHttpRequest. Browsers block these resources because tampering with them allows full page control

How Browsers Handle Mixed Content

Modern browsers (Chrome, Firefox, Edge) block active mixed content by default. Passive mixed content may load, but the browser removes the padlock icon from the address bar and shows a console warning. Since 2020, Chrome began automatically upgrading HTTP resources to HTTPS, and blocking them if that's not possible.

How to Fix Mixed Content

  • Replace http:// with https:// — ensure all resources load over HTTPS
  • Use protocol-relative URLs — the format //example.com/file.js automatically uses the current protocol
  • Add a CSP header — the upgrade-insecure-requests directive forces the browser to automatically upgrade HTTP requests to HTTPS
  • Check third-party resources — ensure CDN, widgets, and analytics support HTTPS

Mixed Content Impact on SEO

Search engines prefer fully secure pages. Mixed content may cause Google to consider the page unsafe, negatively affecting search rankings. Additionally, blocked resources can break site display and functionality, increasing bounce rate.

Frequently Asked Questions

How to quickly find all HTTP resources on a site?
Use our tool to check a specific page. For a site-wide search, open DevTools in the browser (F12), go to Console — the browser will show warnings about all blocked and insecure resources. You can also use the Content-Security-Policy-Report-Only header to collect reports.
Can mixed content cause the site to be blocked?
Browsers don't block the entire site, but they block individual insecure resources (scripts, styles, iframes). This can cause the page to render incorrectly — without styles, with broken functionality, or missing elements.
Is the upgrade-insecure-requests directive enough?
The upgrade-insecure-requests directive in the Content-Security-Policy header forces the browser to automatically replace HTTP with HTTPS. This is a good temporary solution, but not all resources may be available over HTTPS. Best practice is to fix all URLs in the source code and ensure each resource is available over the secure protocol.

Other Checks

Indexing Check
robots.txt Check
sitemap.xml Check
SSL Certificate Check
HTTP/HTTPS Check
www Redirect Check
Title Tag Check
Meta Description Check
Headings Check
Canonical Check
Viewport Check
Open Graph Check
Encoding Check
Image Format Check
Alt Tags Check
Lazy Loading Check
Internal Links Check
External Links Check
Broken Links Check
Structured Data Check
Compression Check
HTML Size Check
Render-blocking JS Check
Mixed Content Check
HSTS Check
URL Structure Check