Find out what resources are not going over HTTPS

I have an ASP.NET site which should transport completely over HTTPS. However, in Google Chrome I get a warning that the page includes resources which are not secure. How can I find out which those resources are and why they wouldn't be going over HTTPS?

I've just had this problem in Chrome also. I checked in the Network tab but all resources were loaded over https.

Solution: close Chrome and re-open.

Chrome must cache its secure-content detection so that even when you fix the problems the insecure content message won't disappear.

Usually this occurs because you are loading Images, javascript include files or external CSS files without using https. You can use a program such as FireBug: http://getfirebug.com/

FireBug will tell you how your elements are loading and which aren't going through the ssl layer. If you don't have firefox, then I am pretty sure Chrome also has something similar to FireBug built in.

Here's how to use firebug:

1. Open firebug
2. Click on the Console Tab
3. Reload the page
4. Any https errors will show in the console and tell you which resource is not working.

Hope this helps

I have nothing to do with the people providing this online script, but it's easy and can be bookmarked in any browser.. works well and quickly to solve the problem.. http://www.whynopadlock.com

In Google Chrome: You can view the offending resource in the Console tab of the Inspect Element window.

It will be listed as: > The page at https://example.com/page displayed insecure content from http://example.com/resource

Of course you might have to reload the page with the Inspect Element window already open.

One of the easiest ways to do it is to right-click the page in Firefox and select View Page Info. Then go to the Media tab and find anything that is loading from http instead of https.

We've scratched our own itch and wrote a tool that crawls your web-site and tells you what pages have non-SSL resources on them. You just need to enter the root URL of your web site – no need to check every page manually.

http://www.jitbit.com/sslcheck/

I noticed that when I had this problem that a toolbar(uTorrent) was causing the error. I removed the toolbar and the error went away. Not sure why a toolbar would cause an error on my site, but no more problems here with the SSL certificate.

In Chrome, you can find out which resources were loaded via http versus https by doing the following:

1. In Wrench menu, choose Tools > Developer tools

2. Click on "Resources" toolbar icon

3. Expand the Frames folder to see the different pages. Expand the page whose resources you want to see. The individual Resources for the page are then listed, broken down by Images, Scripts, and Stylesheets

4. To see the URL that was used to load that resource, just hover the mouse over the resource name and the URL will appear, either with http or https. You can also click on an image name to see the image on the right side, along with its URL

To add to this I right-clicked on the column headings in the Network tab view and selected Protocol.

If you then click on the Protocol heading, the contents of the report will be grouped by HTTPS, etc

Chrome has their own developer tool.

you can right click a page, inspect it.. and then click the "network" tab and reload the page. you'll see the workflow.

I dont know if any one will be checking this answer Or you might have found the solution already, but anyway, my answer might help other people suffering from similar issue

http://www.whynopadlock.com/

This is the link that I used to check the insecure content /file which was being loaded to my page.

Hope it helps. :)

I just discovered same behaviour in chrome (firefox showed a green lock), even though all resources were loaded via https.

The reason in my case was that the server supported broken (google poodle) SSLv3.

Setting ssl_protocols to exclude SSLv2 in nginx.conf like so

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE

fixed the problem for me.

I consider it unfortunate that chrome doesn't make this reason more transparent. "this page loads some resources insecurely" is very misleading if not wrong.

If you want to crawl your own site from your own desktop for a list of all reasources loaded (not loaded by javascript though, which is worth bearing in mind), if using windows you can use Xenu's link sleuth. Export the TSV file and then right click and open with excel, then sort by URL, you can then find those pesky http resources for all pages on the site!