How can you tell exactly what insecure items are causing a browser to warn about mixed secure and insecure items?

Solution 1:

I found that I get the "mixed content"-warning in Chrome even when there is no mixed content, if sometime during the session mixed content was already encountered on the domain.

(Also mentioned here: Why is Chrome reporting a secure / non secure warning when no other browsers aren't?)

Solution 2:

In Chrome's Developer Tools, the Console tab shows the resources that it won't load because they are unsecure.

Solution 3:

You can add the "scheme" column to the Chrome developer tools network tab to show which requests were sent over http or https:

  1. Press F12 to show the developer tools
  2. Switch to the Network tab
  3. Right click in the column headers and select "Scheme"
  4. Reload the page to show which elements are loaded over http or https

[Image: Chrome developer tools, Scheme column]
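A HAR file exported from the Network tab records the URL of every request, so the scheme check in Solution 3 can also be scripted. The following is an added example, not part of any answer above: the helper name `findMixedContent`, the sample HAR and its hostnames are constructed, and `_resourceType` is the Chrome-specific field found in its HAR exports.

```javascript
// Constructed sample in HAR 1.2 shape; hostnames are placeholders.
const sampleHar = { log: { entries: [
  { request: { url: "https://shop.example/cart" }, _resourceType: "document" },
  { request: { url: "http://cdn.example/lib.js" }, _resourceType: "script" },
  { request: { url: "http://img.example/banner.png" }, _resourceType: "image" },
  { request: { url: "https://shop.example/app.css" }, _resourceType: "stylesheet" },
  { request: { url: "ws://shop.example/live" }, _resourceType: "websocket" },
  { request: { url: "http://localhost:3000/dev.js" }, _resourceType: "script" },
] } };

// Resource types browsers treat as passive ("upgradeable") mixed content;
// everything else is active and is normally blocked outright.
const PASSIVE_TYPES = new Set(["image", "media"]);
// Loopback origins count as trustworthy, so they do not trigger the warning.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1"]);

// Hypothetical helper: list the insecure requests made by an HTTPS page.
function findMixedContent(har, pageUrl) {
  if (new URL(pageUrl).protocol !== "https:") return []; // HTTP pages cannot be "mixed"
  const findings = [];
  for (const entry of har.log.entries) {
    let url;
    try {
      url = new URL(entry.request.url);
    } catch {
      continue; // skip entries whose URL does not parse
    }
    if (url.protocol !== "http:" && url.protocol !== "ws:") continue;
    if (LOOPBACK_HOSTS.has(url.hostname)) continue;
    const type = entry._resourceType || "other";
    findings.push({
      url: url.href,
      scheme: url.protocol.slice(0, -1),
      type,
      kind: PASSIVE_TYPES.has(type) ? "passive" : "active",
    });
  }
  return findings;
}

console.table(findMixedContent(sampleHar, "https://shop.example/cart"));
```

To use it on a real page, replace `sampleHar` with the parsed contents of the exported HAR file and pass the address of the page that showed the warning.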