开发者

Easy way to determine what content is not delivered using a secure HTTPS connection?

I have some pages that are sent via HTTPS. Internet Explorer sometimes complains about "This webpage contains content that will not be delivered using a secure HTTPS".

I looked in the html source to confirm all content calls (href, src, etc...) are sent via https. My CSS files use relative paths. But I'm still getting these warnings.

Is there an easy way to track down which items are not sent v开发者_StackOverflowia HTTPS?


You could fire up Fiddler to see what exactly IE is requesting over regular HTTP.

In Fiddler's default configuration, HTTPS requests will show up with a lock and CONNECT as the host. HTTP requests will have a non-lock icon.

Easy way to determine what content is not delivered using a secure HTTPS connection?


(source: josh3736.net)


I usually use Firefox + Firebug (the "Net" tab) to find the offending request. You could also use Fiddler for this. (with any browser)


I've used the following site before - I finding it easier than loading up firebug / fiddler.

http://www.whynopadlock.com/


You can use SslCheck

It's a free online tool that crawls a website recursively (following all internal links) and scans for unsecure content - images, scripts and CSS.

(disclaimer: I'm one of the developers)


In Google Chrome, similar to Firefox w/ FireBug, you can use the 'Network' tab of the Developer Tools console.

Open the Developers Tools console, go to the 'Network' tab, and reload the target page. Any warnings with the page, such as insecure content being loaded, will be indicated with the number of warning and an 'alert' icon in the bottom right corner (Chrome v23.x). Click on the icon and a list of the warnings, in this case, the resources being loaded insecurely, will be displayed.

Easy way to determine what content is not delivered using a secure HTTPS connection?


Using following tools could help:

  • Firefox's FireBug . opening tab Network shows you connection details to multiple resource
  • Fiddler - acts as sniffer allows you explore details of connect.


using firefox - view generated source vs viewing source

there is probably a javascript file that is creating a div/iframe that is insecure

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜