HTTPS Checker

Is your site actually secure?

Paste a URL and check whether it loads over HTTPS, whether the http:// version redirects correctly, and whether any mixed content resources are slipping through on an insecure connection.

Run an HTTPS check

Live Tool
The tool fetches the page directly and scans the HTML it receives.
Waiting for a URL

Run a check to see the HTTPS and mixed content signals for this page.

Protocol
-
http→https
-
HSTS
-
Mixed Content
-

Findings

    Technical details

      What this tool can and cannot prove

      This tool fetches the URL you submit and checks the HTML it receives. It can detect whether the final response is served over HTTPS, whether the http:// version redirects, whether HSTS is present, and whether image, script, iframe, or form URLs in the HTML source are insecure. It cannot detect mixed content that JavaScript adds after the page loads, resources referenced only in CSS files, or issues on pages it does not visit.

      HTTPS is a ranking signal

      Google confirmed HTTPS as a lightweight ranking signal. More importantly, browsers warn visitors on unencrypted pages, which damages trust before a visitor even reads the content.

      Active mixed content breaks pages

      Scripts, stylesheets, iframes, and form actions loaded over http:// on an https:// page are blocked by modern browsers. This can silently break features visitors depend on.

      Passive mixed content erodes trust

      Images and media loaded over http:// may still load in some browsers, but the padlock icon disappears and some browsers display a security warning to the visitor.

      FAQ

      What is mixed content and why does it matter for SEO?

      Mixed content is when an https:// page loads resources like images, scripts, or stylesheets over http://. Browsers block or warn on mixed content, which can break pages and reduce visitor trust. Google uses HTTPS as a ranking signal, so insecure resources on an otherwise secure page can still create issues.

      What is the difference between active and passive mixed content?

      Active mixed content includes scripts, stylesheets, iframes, and form actions. Modern browsers block these automatically because they can alter the page. Passive mixed content includes images, video, and audio. Browsers may load these but display a warning or change the security indicator.

      Can this tool check every page on my site?

      No. The tool checks one URL at a time. It scans the HTML of the page you submit, but it does not crawl subpages, check CSS files for background image URLs, or detect mixed content loaded dynamically by JavaScript after the page renders.