Mixed content scanner
Scan an HTTPS page for HTTP-only src / href / action / poster / data-src resources that modern browsers block.
/tools/mixed-content crawls an HTTPS page and reports any resource still pointing at http:// — the classic mixed-content trap that breaks images, scripts, iframes and form actions silently on modern browsers (Chrome blocks active mixed content outright, passive in incognito).
Looks at every common URL attribute: src, href, action, poster, background, data-src, formaction, both single- and double-quoted. Results are grouped by attribute so you immediately see whether the problem is in