views:

31

answers:

2

In Firefox, I view my site and get no warnings about insecure mixed content.

Using FireBug, I can see that every request is https.

In Chrome, I get the https crossed out in the address bar.

Chrome's address bar

Chrome's error

I viewed source in Chrome and then ran this regex /http(?!s)/ but the only things it found were the href attributes for some external links and the doc type and http-equiv meta tags.

Using Chrome's Resource Tracking revealed all requests were https too.

This includes Google Analytics, jQuery from Google's CDN and Facebook like scripts.

Is there any specific tool I can use to show non https requests, or anything further I can try?

Would it help if I linked you to the live site?

Thanks!

+1  A: 

Do you have the HttpFox plugin for FireFox? That'd work, I think. Among other things, it reports on the URL, Method, Result Code, and bytes of all the assets that a web page requests. It's what I've used to trap the occasional non-HTTPS graphic, etc. I'm sure the other suggested tools would do the same...

LesterDove
Nope, but I'll go check it out now. Thanks.
alex
Damn, couldn't find any non HTTPS requests with it.
alex
+2  A: 

I would recommend Fiddler2.

From the site:

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

Cory Larson
You accepted this answer... what did you find out?
Cory Larson