10

I have some pages that are sent via HTTPS. Internet Explorer sometimes complains about "This webpage contains content that will not be delivered using a secure HTTPS".

I looked in the html source to confirm all content calls (href, src, etc...) are sent via https. My CSS files use relative paths. But I'm still getting these warnings.

Is there an easy way to track down which items are not sent via HTTPS?

John
  • 32,403
  • 80
  • 251
  • 422

7 Answers7

10

You could fire up Fiddler to see what exactly IE is requesting over regular HTTP.

In Fiddler's default configuration, HTTPS requests will show up with a lock and CONNECT as the host. HTTP requests will have a non-lock icon.


(source: josh3736.net)

Glorfindel
  • 21,988
  • 13
  • 81
  • 109
josh3736
  • 139,160
  • 33
  • 216
  • 263
5

I usually use Firefox + Firebug (the "Net" tab) to find the offending request. You could also use Fiddler for this. (with any browser)

Mauricio Scheffer
  • 98,863
  • 23
  • 192
  • 275
  • 1
    For anyone not immediately seeing the request protocol (like poor, blind me), you can see the full URL of the request by hovering over the name of it in the FF Firebug console – dKen Oct 09 '14 at 14:44
3

You can use SslCheck

It's a free online tool that crawls a website recursively (following all internal links) and scans for unsecure content - images, scripts and CSS.

(disclaimer: I'm one of the developers)

Alex from Jitbit
  • 53,710
  • 19
  • 160
  • 149
  • 1
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – azurefrog Aug 20 '14 at 22:32
  • 1
    It's an online tool, just like "whynopadlock.com" mentioned in another answer (but more powerful since its a cralwer), how can I include "essential part"? – Alex from Jitbit Aug 21 '14 at 13:22
3

I've used the following site before - I finding it easier than loading up firebug / fiddler.

http://www.whynopadlock.com/

dochoffiday
  • 5,515
  • 6
  • 32
  • 41
2

In Google Chrome, similar to Firefox w/ FireBug, you can use the 'Network' tab of the Developer Tools console.

Open the Developers Tools console, go to the 'Network' tab, and reload the target page. Any warnings with the page, such as insecure content being loaded, will be indicated with the number of warning and an 'alert' icon in the bottom right corner (Chrome v23.x). Click on the icon and a list of the warnings, in this case, the resources being loaded insecurely, will be displayed.

enter image description here

Unpossible
  • 10,607
  • 22
  • 75
  • 113
1

Using following tools could help:

  • Firefox's FireBug . opening tab Network shows you connection details to multiple resource
  • Fiddler - acts as sniffer allows you explore details of connect.
Dewfy
  • 23,277
  • 13
  • 73
  • 121
1

using firefox - view generated source vs viewing source

there is probably a javascript file that is creating a div/iframe that is insecure

Geek Num 88
  • 5,264
  • 2
  • 22
  • 35