Reputation: 49421
See what content is not sent over HTTPS
I created a page that is HTTPS only. On my browsers, I always get a warning that the page includes resources that are not secured. I just can't find out why! Looking at the source code seems fine. All img src and javascript tags are using relative path (/images/...). It does not consider href links as resources does it?
Is there a way to know what actually is the source of that problem?
Upvotes: 1
Views: 493
Answers (7)
Reputation: 36852
I guess you could use the Net tab of Firebug to see that.
(source: ibm.com)
Upvotes: 4
Reputation: 21306
It's unlikely to be a hyperlink, but could it be a stylesheet? They're linked using the href attribute as well:
<link rel="stylesheet" href="...">
Also, how about stylesheets/Javascript that import other resources (other stylesheets, Ajax libraries, etc.)?
Edit: the image at https://www.makemeheal.com/classifieds/images/1.0/dline_hmpmid1px.gif seems to be redirecting to a non-https version of its URL; the other images are under https://www.makemeheal.com/images/ which doesn't do that. Looks like a webserver config issue?
Upvotes: 1
Reputation: 49985
+1 for using Fiddler.
One very quick check you can make is to only get the HTTPS content when prompted, and then see what is missing from your page once it is loaded. If is is a resource file, or a css file, or some javascript, or an image, then you will spot that virtually straight away.
Upvotes: 0
Reputation: 8234
Do you have any background images in your CSS that are referenced absolutely? Also, what about any iframe tags on the page with the src attribute set to an unsecure page?
Upvotes: 0
Reputation: 5113
I guess you include some content that links to http. Try a search in the source on http://, ftp:// or anything alike. Also take a look at forms. Forms can also post to http by accident.
Is it possible to put the website online somewhere so we can take a look?
Perhaps you include a style sheet that refers to some image which is without ssl, or you reference some js which in turn references some other content over http?
Upvotes: 0
Reputation: 8231
Try capturing all your traffic using Fiddler - it will help you identify any extraneous HTTP calls easily.
Upvotes: 3
Reputation: 944011
The easiest way is usually to look through the source (with the Find utility in your editor) for http:.
It is often part of some code that calls some Flash.
Upvotes: 0
Related Questions
- Easy way to determine what content is not delivered using a secure HTTPS connection?
- Find out what resources are not going over HTTPS
- Unsecure content over https
- Any tool available to detect what's not HTTPS on an encrypted page?
- How to detect which content is not secured on mixed content SSL page.?
- Analyze page to see which resource is not transfered in https
- How to find which element breaks HTTPS on a webpage?
- How can I determine on the server-side when an incoming request is HTTPS?
- Determining which content was delivered securely and which wasn't
- check https data with firebug