I created a page that is HTTPS only. On my browsers, I always get a warning that the page includes resources that are not secured. I just can't find out why! Looking at the source code seems fine. All img src and javascript tags are using relative path (/images/...). It does not consider href links as resources does it?
Is there a way to know what actually is the source of that problem?
The easiest way is usually to look through the source (with the Find utility in your editor) for http:.
It is often part of some code that calls some Flash.
It's unlikely to be a hyperlink, but could it be a stylesheet? They're linked using the href attribute as well:
<link rel="stylesheet" href="...">
Also, how about stylesheets/Javascript that import other resources (other stylesheets, Ajax libraries, etc.)?
Edit: the image at https://www.makemeheal.com/classifieds/images/1.0/dline%5Fhmpmid1px.gif seems to be redirecting to a non-https version of its URL; the other images are under https://www.makemeheal.com/images/ which doesn't do that. Looks like a webserver config issue?
Try capturing all your traffic using Fiddler - it will help you identify any extraneous HTTP calls easily.
I guess you include some content that links to http. Try a search in the source on http://, ftp:// or anything alike. Also take a look at forms. Forms can also post to http by accident.
Is it possible to put the website online somewhere so we can take a look?
Perhaps you include a style sheet that refers to some image which is without ssl, or you reference some js which in turn references some other content over http?
Do you have any background images in your CSS that are referenced absolutely? Also, what about any iframe tags on the page with the src attribute set to an unsecure page?
+1 for using Fiddler.
One very quick check you can make is to only get the HTTPS content when prompted, and then see what is missing from your page once it is loaded. If is is a resource file, or a css file, or some javascript, or an image, then you will spot that virtually straight away.
