More often than I like when designers edit some of our sites' pages, they include javascript or an external image our SSL pages that are not encrypted. For example if we have a page like this:
https://www.example.com/cart/EnterCreditCard
And the designer includes some non-encrypted image like this:
<img src='http://www.cardprocessor.com/logo.gif' />
Of course, this creates errors in all browsers:
What I'm looking for is a tool or plugin that lets me easily see what objects are not encrypted. A firefox extension or something along those lines would be great.
Edit: Ben pointed me in the right direction. If you're using Chrome, do a Ctrl-Shift-J to bring up the developer tools. Then click on Resources to see all the items on the page.
Look for a lock icon near your browser's location field. The lock symbol and related URL containing “https” simply mean that the connection between your web browser and the website server is encrypted, which is important.
The only way to solve the issue is for the website operator to obtain a TLS certificate and enable HTTPS on their site. This will allow your browser to connect securely with the HTTPS protocol, which it will do automatically once the website is properly configured.
For completeness, since Firefox was mentioned:
If you use Firefox with firebug installed, you see all of the assets downloaded on the Net panel. Hovering over each line gives you the full URL, so you can quickly scan for those http:
lines.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With