Reputation: 33715
Easy way to determine what content is not delivered using a secure HTTPS connection?
I have some pages that are sent via HTTPS. Internet Explorer sometimes complains about "This webpage contains content that will not be delivered using a secure HTTPS".
I looked in the html source to confirm all content calls (href, src, etc...) are sent via https. My CSS files use relative paths. But I'm still getting these warnings.
Is there an easy way to track down which items are not sent via HTTPS?
Upvotes: 10
Views: 18974
Answers (7)
Reputation: 145002
You could fire up Fiddler to see what exactly IE is requesting over regular HTTP.
In Fiddler's default configuration, HTTPS requests will show up with a lock and CONNECT as the host. HTTP requests will have a non-lock icon.
(source: josh3736.net)
Upvotes: 10
Reputation: 60812
You can use SslCheck
It's a free online tool that crawls a website recursively (following all internal links) and scans for unsecure content - images, scripts and CSS.
(disclaimer: I'm one of the developers)
Upvotes: 3
Reputation: 10697
In Google Chrome, similar to Firefox w/ FireBug, you can use the 'Network' tab of the Developer Tools console.
Open the Developers Tools console, go to the 'Network' tab, and reload the target page. Any warnings with the page, such as insecure content being loaded, will be indicated with the number of warning and an 'alert' icon in the bottom right corner (Chrome v23.x). Click on the icon and a list of the warnings, in this case, the resources being loaded insecurely, will be displayed.
Upvotes: 2
Reputation: 5575
I've used the following site before - I finding it easier than loading up firebug / fiddler.
Upvotes: 3
Reputation: 5312
using firefox - view generated source vs viewing source
there is probably a javascript file that is creating a div/iframe that is insecure
Upvotes: 1
Reputation: 23634
Using following tools could help:
- Firefox's FireBug . opening tab Network shows you connection details to multiple resource
- Fiddler - acts as sniffer allows you explore details of connect.
Upvotes: 1
Reputation: 99750
I usually use Firefox + Firebug (the "Net" tab) to find the offending request. You could also use Fiddler for this. (with any browser)
Upvotes: 5
Related Questions
- See what content is not sent over HTTPS
- Find out what resources are not going over HTTPS
- How to identify mixed content in https website
- Any tool available to detect what's not HTTPS on an encrypted page?
- How to detect which content is not secured on mixed content SSL page.?
- Analyze page to see which resource is not transfered in https
- How can I determine on the server-side when an incoming request is HTTPS?
- How to verify that secure https pages load without any browser warnings?
- Determining which content was delivered securely and which wasn't
- Identify the destination in HTTPS connections