混合内容检查工具
找出HTTPS页面所加载的HTTP资源。混合内容会触发浏览器警告,并可能被拦截。
如何使用本工具
- 1
Paste the full HTTPS URL of the page you want to check (for example https://example.com/pricing) into the input field.
- 2
Click Analyze. The tool fetches that page server-side and parses its HTML.
- 3
Review the results: each flagged item shows the tag and attribute (such as script.src or img.src) and the exact http:// URL found.
- 4
Rewrite each listed URL to https:// in your source or CMS, then re-run the check to confirm the count drops to zero.
什么是混合内容检查工具?
当一个HTTPS页面通过HTTP加载脚本、图片或样式表时,浏览器会将其视为“混合内容”:HTTPS的安全保障因此被削弱。主动型混合内容(脚本、iframe)会被现代浏览器完全拦截;被动型混合内容(图片)则会显示警告。本工具会找出HTTPS页面上的每一个HTTP资源,以便你进行修复。
常见使用场景
Confirming a freshly migrated WordPress or static site no longer hard-codes any http:// asset URLs after switching the domain to HTTPS.
Tracking down which third-party script, font, or analytics tag is causing the browser's 'not fully secure' shield warning on a single page.
Spot-checking a marketing landing page before launch so embedded images and iframes do not get silently blocked under HTTPS.
Auditing a CMS-published article whose author pasted an old http:// image URL that breaks the padlock on an otherwise secure blog.
Verifying that a CDN or reverse-proxy change did not leave a stylesheet or favicon link pointing at the insecure HTTP origin.
Giving a client a concrete, line-by-line list of insecure references to fix rather than a vague 'your SSL is broken' complaint.