Paste HTML from an HTTPS page and find http:// assets, form actions, srcset entries and CSS URLs.
This checker is for the common deployment problem where an HTTPS page still references an insecure image, script, form target or stylesheet asset. It works on pasted HTML and runs entirely in the browser.
What it reviews
The scan looks at src, href, action, poster, data, cite, srcset and CSS url() references. It separates direct http:// mixed content from protocol-relative URLs that should usually be made explicit.
Good use case
Paste the rendered HTML from view source, a template partial or a CMS field before a release. The page does not crawl a site or download remote files.