Finding All Insecure Content on a Secure Page
What's the most efficient way to find a list of all non-HTTPS URLs requested by an HTTPS page? If this kind of security violation happens, every browser alerts the user, but I can't find an easy way to find what exact URLs cause the violation.
The easiest way I've found so far is to use Firefox, but even then it's still not very convenient. First, I can right-click, select View Page Info, click the Media tab, and scroll through a list of URLs. However, this seems to only list image files, not CSS or JS includes that can also cause the error. For those, I have to use the Firebug extension, select the Net tab, and manually hover my mouse over each item to see the entire URL. Unfortunately, this can take a while if you have dozens of media files. Is there a better way?
Solution 1:
Note, in recent versions of Chrome, these errors will be displayed in the Javascript Console.
e.g.
The page at https://mysecuresite.com displayed insecure content from http://unsecuresite.com/some.jpg.
Solution 2:
Try: www.WhyNoPadlock.com It will give you a report of all insecure content on any https web page.
Solution 3:
You can use SslCheck
It's a free online tool that crawls a website recursively (following all internal links) and scans for unsecure content - images, scripts and CSS.
(disclaimer: I'm one of the developers)
Solution 4:
Recently had the same issue, using chrome developer tool it was easier to find.. In developer tool go to Security tab, you can find all non-https request