Part of the Security audit
Find mixed content on your HTTPS site
Mixed content breaks the lock icon in your browser and lowers visitor trust. SiteCurl finds files loaded over HTTP on your HTTPS pages.
No signup required. Results in under 60 seconds.
What this check does
SiteCurl scans your HTTPS pages for resources (images, scripts, stylesheets, fonts) loaded over plain HTTP. These are called mixed content because the page is secure but some of its parts are not. Browsers flag this by hiding the lock icon or showing a warning.
The check reports which resources are loaded over HTTP and on which pages. This includes images, JavaScript files, CSS files, fonts, and any other embedded content that breaks the secure connection.
Why it matters
Mixed content undermines HTTPS. If your page loads over HTTPS but an image loads over HTTP, the connection is only partially secure. Browsers may block the insecure resource, break your page layout, or show a warning that erodes visitor trust.
Mixed content often appears after a site migration to HTTPS. Internal links and embedded resources may still reference the old HTTP URLs. A single HTTP image can strip the lock icon from an otherwise secure page.
How to fix it
Update all resource URLs to use HTTPS. Search your HTML, CSS, and database for http:// references and change them to https://. If you use a CMS, check the site URL setting and media library paths.
For external resources, verify the source supports HTTPS. Most CDNs and image hosts do. If a resource is only available over HTTP, consider hosting it yourself over HTTPS.
Use protocol-relative URLs (starting with //) only as a last resort. The best practice is explicit https:// URLs. After fixing, run another scan to confirm no mixed content remains.
Example findings from a scan
2 images loaded over HTTP on /about
External script loaded via HTTP on /
Font file loaded over HTTP on /contact
Related checks
Frequently asked questions
What is mixed content?
Mixed content occurs when an HTTPS page loads resources (images, scripts, fonts) over plain HTTP. This breaks the secure connection and may trigger browser warnings.
Does mixed content affect SEO?
Indirectly. Mixed content can remove the lock icon, which hurts user trust and may increase bounce rates. Search engines also prefer fully secure sites.
How do I find all mixed content on my site?
Run a SiteCurl scan across your pages. The mixed content check flags every HTTP resource on every page. You can also check the browser console for mixed content warnings.
Can I check for mixed content without signing up?
Yes. The free audit checks for mixed content as part of a full seven-category scan. No signup required.
Is mixed content common after migrating to HTTPS?
Yes. It is one of the most common issues after an HTTPS migration. Internal links, images, and embedded content often still reference the old HTTP URLs.
Find mixed content on your site