empz

Reputation: 11788

How to identify mixed content in https website

I've inherited an ASP.NET web site that has an SSL certificate bought via GoDaddy.

The problem is that the certificate seems to be invalid because of some "mixed content/resources" (I think that's how it's called) coming from http sites.

Chrome is showing the red cross over the lock next to https, meaning it's unsecured. The popup says the following:


Clicking "What do these mean?" goes here, which says:

The [crossed-lock] icon appears when Google Chrome detects high-risk mixed content, such as JavaScript, on the page or when the site presents an invalid certificate.

The certificate is correct and valid because I tried creating a blank "Hi world" .aspx page and it's showing the green lock with no problems.

Reading a little bit, I found that I should only include images and JavaScript coming from https sites. The only thing it had coming from http was the addthis widget, but they support https, so I changed to https, but it's still saying that it is unsecured.

I've searched for anything else coming from http in the source, but didn't find anything.

Is there some way (site, chrome extension, firefox extension, whatever) that will show exactly which are the resources that are "unsecured"?

I've never dealt with SSL/HTTPS certificates, but I need to fix this issue asap.

Upvotes: 12

Views: 22808

Answers (5)

Mahadev Majaladar

Reputation: 37

Mixed content means the contents of a web page are a mix of HTTP and HTTPS links. These links include your JS, CSS, images, video, audio, iframes, etc.

If your website is enabled for HTTPS (an SSL certificate has been installed), make sure you serve only HTTPS content throughout your web page.

Upvotes: 0

MANISHDAN LANGA

Reputation: 2237

Check the Chrome console.

You will get something like this:

The page at https://xys displayed insecure content from http://asdasda.png.

Change it from an http site to https, then it will work.

Upvotes: 10

Gopu

Reputation: 1032

Check your site at http://www.whynopadlock.com, which will give you a list of URLs that are not considered secure by your browser.

Upvotes: 14

empz

Reputation: 11788

I've found the problem using the Chrome Developer Tools. It was a JS that's embedding a Flash from a 3rd-party site which is using http.

Upvotes: 5
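An offline way to produce the list the question asks for, as an added example that is not part of any post on this page: a Python scanner that reports http:// subresources for the resource types named in the answers above (JS, CSS, images, video, audio, iframes, plus embed/object for Flash) and also http:// string literals inside inline scripts, the kind of script-driven embed described in the post just above. The sample page and its `.example` hostnames are constructed.

```python
import re
from html.parser import HTMLParser

# Tag -> URL attribute for subresources the browser fetches while rendering.
SUBRESOURCES = {"script": "src", "iframe": "src", "embed": "src", "object": "data",
                "link": "href", "img": "src", "audio": "src", "video": "src"}
PASSIVE = {"img", "audio", "video"}  # display-only; the rest count as active
HTTP_LITERAL = re.compile(r"""["'](http://[^"'\s]+)["']""")

class MixedContentScanner(HTMLParser):
    """Collects (kind, tag, url) for each http:// subresource reference."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = "src" not in attrs  # inline script body follows
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are counted; rel=canonical is ignored
        url = (attrs.get(SUBRESOURCES.get(tag, "")) or "").strip()
        if url.lower().startswith("http://"):
            kind = "passive" if tag in PASSIVE else "active"
            self.findings.append((kind, tag, url))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # URLs that inline JS inserts later never show up as tag attributes.
        if self._in_script:
            self.findings += [("script-literal", "script", u)
                              for u in HTTP_LITERAL.findall(data)]

def find_mixed_content(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; hostnames are placeholders.
SAMPLE_PAGE = """<link rel="canonical" href="http://www.example/page">
<script src="https://widgets.example/share.js"></script>
<script>var swf = "http://media.example/player.swf"; embedFlash(swf);</script>
<img src="http://img.example/logo.png">
<a href="http://other.example/">plain link, not a subresource</a>"""

if __name__ == "__main__":
    print(*find_mixed_content(SAMPLE_PAGE), sep="\n")
```

A static scan like this cannot see URLs assembled at runtime or referenced from external script files, so the browser console or a proxy trace remains the authoritative list.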

TheNextman

Reputation: 12566

Are you on Windows? Download and run Fiddler while browsing the site, and watch for HTTP connections.

Upvotes: 4
