Mixed Content Checker

Find HTTP resources on HTTPS pages. Detect mixed content issues that cause browser warnings and security risks.

What does Mixed Content Checker do?

This actor scans HTTPS web pages for mixed content -- HTTP resources loaded on secure pages. It checks scripts, stylesheets, images, media, iframes, forms, and CSS url() references. Mixed content causes browser security warnings and can break page functionality.

The actor loads each page in a browser, inspects all resource references, and categorizes them by protocol (HTTPS, HTTP, data URI, relative). Any HTTP resource on an HTTPS page is flagged as mixed content with its type, source URL, and location in the DOM.

Use cases

• Security auditing -- find insecure resources that trigger browser warnings and compromise the security of HTTPS pages
• HTTPS migration -- verify all resources are upgraded after HTTP to HTTPS migration with no leftover HTTP references
• Compliance checking -- ensure pages meet security standards that require full HTTPS resource loading
• SEO monitoring -- mixed content can affect search rankings and cause Google to flag pages as partially insecure
• Quality assurance -- catch mixed content before production deployment to prevent user-facing browser warnings

Why use Mixed Content Checker?

• Deep scanning -- checks scripts, stylesheets, images, media, iframes, forms, and CSS url() references, not just top-level resources
• Browser-based detection -- uses a real browser to find mixed content that static analysis would miss, including dynamically loaded resources
• Structured output -- get clean JSON with resource counts by protocol, individual mixed content items, and page metadata
• Batch processing -- scan hundreds of URLs in a single run to audit entire sites after HTTPS migration
• API access -- integrate mixed content monitoring into CI/CD pipelines or deployment verification workflows
• Pay-per-event pricing -- only pay per page checked with no monthly fees

Input parameters

Parameter	Type	Required	Default	Description
urls	array	Yes	--	List of HTTPS web page URLs to check for mixed content. Each URL is loaded in a browser and all resource references are inspected.

Example input

{
    "urls": [
        "https://www.google.com",
        "https://en.wikipedia.org/wiki/Web_scraping",
        "https://example.com"
    ]
}

Output fields

Each URL produces one record with the following fields:

Field	Description
url	The original URL provided in the input
title	The page title
isHttps	Whether the page was served over HTTPS
mixedContentCount	Total number of HTTP resources found on the HTTPS page
mixedContentItems	Array of mixed content items with URL, resource type, and element tag
resourceCounts	Breakdown of all resources by protocol (https, http, dataUri, relative, other)
hasMixedContent	Boolean shortcut indicating whether any mixed content was found
error	Error message if the check failed, null otherwise
checkedAt	ISO 8601 timestamp of the check

Output example

{
    "url": "https://example.com",
    "title": "Example Domain",
    "isHttps": true,
    "mixedContentCount": 0,
    "mixedContentItems": [],
    "resourceCounts": {
        "total": 2,
        "https": 0,
        "http": 0,
        "dataUri": 0,
        "relative": 2,
        "other": 0
    },
    "hasMixedContent": false,
    "error": null,
    "checkedAt": "2026-03-01T12:00:00.000Z"
}

How to check for mixed content on your website

1. Go to Mixed Content Checker on Apify Store.
2. Enter your HTTPS page URLs in the urls field.
3. Click Start and wait for the run to finish.
4. Review the results -- each page shows whether mixed content was found and lists the offending resources.
5. Download your results as JSON, CSV, or Excel from the Dataset tab.

How much does it cost to check for mixed content?

Mixed Content Checker uses Apify's pay-per-event pricing. You only pay for what you use.

Event	Price	Description
Start	$0.035	One-time per run
URL checked	$0.001	Per page checked

Cost examples:

• 10 pages: $0.035 + 10 x $0.001 = $0.045
• 100 pages: $0.035 + 100 x $0.001 = $0.135
• 1,000 pages: $0.035 + 1,000 x $0.001 = $1.035

Using the Apify API

You can start Mixed Content Checker programmatically using the Apify API. Replace YOUR_TOKEN with your Apify API token.

Node.js

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_TOKEN' });
const run = await client.actor('automation-lab/mixed-content-checker').call({
    urls: ['https://example.com', 'https://www.google.com'],
});
const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);

Python

from apify_client import ApifyClient

client = ApifyClient('YOUR_TOKEN')
run = client.actor('automation-lab/mixed-content-checker').call(run_input={
    'urls': ['https://example.com', 'https://www.google.com'],
})
items = client.dataset(run['defaultDatasetId']).list_items().items
print(items)

cURL

curl "https://api.apify.com/v2/acts/automation-lab~mixed-content-checker/runs" \
  -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -d '{"urls": ["https://example.com", "https://www.google.com"]}'

Use with AI agents via MCP

Mixed Content Checker is available as a tool for AI assistants via the Model Context Protocol (MCP).

Setup for Claude Code

$claude mcp add --transport http apify "https://mcp.apify.com"

Setup for Claude Desktop, Cursor, or VS Code

{
    "mcpServers": {
        "apify": {
            "url": "https://mcp.apify.com"
        }
    }
}

Example prompts

• "Check for mixed content issues on our HTTPS site"
• "Find HTTP resources loaded on these HTTPS pages"

Learn more in the Apify MCP documentation.

Integrations

Connect Mixed Content Checker with other tools using Apify integrations. Export results to Google Sheets for migration tracking, send Slack alerts when mixed content is detected on production pages, trigger Make or Zapier workflows for automated remediation, push data to n8n for custom pipelines, or configure webhooks to run checks after every deployment.

Tips and best practices

• Run after HTTPS migration to verify that no HTTP resources were left behind -- even a single mixed content item can trigger browser warnings.
• Check the mixedContentItems array for the exact URLs and resource types that need updating in your codebase.
• Focus on active mixed content first -- scripts and stylesheets loaded over HTTP are blocked by modern browsers, while images may only show a warning.
• Schedule regular scans to catch regressions when new content, third-party scripts, or CMS updates reintroduce HTTP references.
• Combine with SSL Certificate Checker to ensure both your certificates and page resources are fully secured.

Legality

This tool analyzes publicly accessible web content. Automated analysis of public web resources is standard practice in SEO and web development. Always respect robots.txt directives and rate limits when analyzing third-party websites. For personal data processing, ensure compliance with applicable privacy regulations.

FAQ

What is mixed content? Mixed content occurs when an HTTPS page loads sub-resources (images, scripts, stylesheets) over HTTP. Browsers either block these resources or show security warnings, depending on the resource type and browser settings.

Does this actor check pages served over HTTP? The actor is designed for HTTPS pages. If you provide an HTTP URL, it will load the page but the concept of mixed content only applies to HTTPS pages loading HTTP resources.

The actor reports no mixed content, but my browser shows a mixed content warning. Why? The actor checks the HTML source for resource references. Some mixed content is introduced by third-party scripts that dynamically load HTTP resources after page render. Since these resources are injected at runtime, they may not appear in the initial HTML scan. Additionally, browser extensions can trigger mixed content warnings that are unrelated to the page itself.

What is the difference between active and passive mixed content? Active mixed content (scripts, stylesheets, iframes) is blocked by most modern browsers because it can alter page behavior. Passive mixed content (images, audio, video) may only trigger a warning. The actor detects both types.

Other SEO tools

• Link Extractor -- extract all links from web pages with anchor text and rel attributes
• Broken Link Checker -- find broken links and 404 errors across your website
• Internal Link Analyzer -- analyze internal link structure and anchor text distribution
• Mobile Friendly Checker -- check mobile-friendliness with viewport and responsive design analysis
• SEO Title Checker -- audit page titles for SEO best practices
• Website Health Report -- comprehensive website health and performance audit