1. Summary

It would be nice, if would be possible check mixed (unsecured) content locally.

2. Argumentation

2.1. About

Read about mixed content. It not good for https sites.

2.2. How can an error occur

I've a https site. I add to it images, videos and so on, which are located on third-party sites. I can't see protocol of third-party site → I've unsecured content on my site.

3. Example of expected behavior

3.1. Checking process

The rule simply should check that there is no http in src and some other attributes. Example:

• ✔️ Good:

<img src="https://example.com/KiraGoddess.jpg" alt="Kira Goddess!">

• ❌ Bad:

<img src="http://example.com/KiraGoddess.jpg" alt="Kira Goddess!">

Crawlers or localhost will not need.

3.2. Attributes list

• Passive content list
• Active content examples

Also, it would be nice to support data-src attribute for img, which is used on plugins for lazy loading.

4. Not helped

4.1. Web tools

I couldn't find, how I can use web-services like these programmatically, in development process:

• Missing Padlock
• JitBit SSL Check

4.2. CLI tools

I found these tools:

• check-mixed-content
• https-mixed-content-check

They're not doing what's described in my request. They crawl web-pages and links in them. Pages of my site may be not checked, unlike hundreds pages of third-party web-pages.

In addition, domain required for these packages. Files directly or localhost checking doesn't support; I can't use checking in development process; I need push files to hosting.

4.3. HTML linters

I check my site, use 4 HTML linters (The Nu Html Checker, HTML Tidy, htmllint, HTMLHint) → I couldn't find them the desirable feature.

Thanks.