/tools/mixed-content crawls an HTTPS page and reports any resource still pointing at http:// — the classic mixed-content trap that breaks images, scripts, iframes and form actions silently on modern browsers (Chrome blocks active mixed content outright, passive in incognito).

Looks at every common URL attribute: src, href, action, poster, background, data-src, formaction, both single- and double-quoted. Results are grouped by attribute so you immediately see whether the problem is in