混合內容檢查工具
找出 HTTPS 頁面所載入的 HTTP 資源。混合內容會觸發瀏覽器警告,並可能被攔截。
如何使用本工具
- 1
Paste the full HTTPS URL of the page you want to check (for example https://example.com/pricing) into the input field.
- 2
Click Analyze. The tool fetches that page server-side and parses its HTML.
- 3
Review the results: each flagged item shows the tag and attribute (such as script.src or img.src) and the exact http:// URL found.
- 4
Rewrite each listed URL to https:// in your source or CMS, then re-run the check to confirm the count drops to zero.
什麼是混合內容檢查工具?
當一個 HTTPS 頁面透過 HTTP 載入指令碼、圖片或樣式表時,瀏覽器會將其視為「混合內容」:HTTPS 的安全保障因此被削弱。主動型混合內容(指令碼、iframe)會被現代瀏覽器完全攔截;被動型混合內容(圖片)則會顯示警告。本工具會找出 HTTPS 頁面上的每一個 HTTP 資源,以便你進行修復。
常見使用場景
Confirming a freshly migrated WordPress or static site no longer hard-codes any http:// asset URLs after switching the domain to HTTPS.
Tracking down which third-party script, font, or analytics tag is causing the browser's 'not fully secure' shield warning on a single page.
Spot-checking a marketing landing page before launch so embedded images and iframes do not get silently blocked under HTTPS.
Auditing a CMS-published article whose author pasted an old http:// image URL that breaks the padlock on an otherwise secure blog.
Verifying that a CDN or reverse-proxy change did not leave a stylesheet or favicon link pointing at the insecure HTTP origin.
Giving a client a concrete, line-by-line list of insecure references to fix rather than a vague 'your SSL is broken' complaint.