Find out which elements are not served via SSL

  • saib0t

    (@saib0t)


    6 years ago

    Hi,

    I set up my wordpress site and I am quite happy with it. But looking in Firefox’s SSL indicator in the adress bar, tells me, that parts of my site are not secured. I turned on SSL on my hosts settings (Strato). But still it seems that something is not delivered securely. How can I find out what it is? My first guess was the plugin Optimole, which optimizes images and serves as a CDN for them. But as far as I understood it, it should use SSL. What else could it be? I am not using another CDN.

    Many thanks in advance

    saib0t

    • This topic was modified 6 years ago by saib0t.

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    6 years ago

    I’m not seeing any mixed content issues on your home page. Is there some specific page that’s the issue?

    Thread Starter saib0t

    (@saib0t)

    6 years ago

    Actually yes. The homepage seems to be secure, whereas https://brightdecide.com/e-mountainbike-vergleich/ isn’t

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    6 years ago

    THis is the error:

    Mixed Content: The page at 'https://brightdecide.com/e-mountainbike-vergleich/' was loaded over HTTPS, but requested an insecure image 'http://i.stack.imgur.com/FhHRx.gif'. This content should also be served over HTTPS.

    The image is an animated circle, so I suspect it may be part of your theme or a plugin. I don’t see it referenced directly on the page.

    Please attempt to disable all plugins, and use one of the default (Twenty*) themes. If the problem goes away, enable them one by one to identify the source of your troubles.

    If you can install plugins, install “Health Check”: https://wordpress.org/plugins/health-check/ On the troubleshooting tab, you can click the button to disable all plugins and change the theme for JUST you, while you’re still logged in, without affecting normal visitors to your site. You can then use its admin bar menu to turn on/off plugins and themes one at a time. See https://make.wordpress.org/support/handbook/appendix/troubleshooting-using-the-health-check/ or https://rankmath.com/kb/check-plugin-conflicts/ for more information.

    Thread Starter saib0t

    (@saib0t)

    6 years ago

    Alright. I know where this circle comes from. It’s used by a custom built plugin. So I guess I have to replace this reference with a gif that’s hosted locally right?
    From curiosity: How did you find it out so fast?

    Thank you

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    6 years ago

    I used the error console on the chrome inspector.

    Chrome Developer Tools

    Thread Starter saib0t

    (@saib0t)

    6 years ago

    I swaped the gif with one that I uploaded manually in the media section of wordpress. But the error console still tells me, that it is unsecured. I cleared the cache of the Optimole plugin. Why would this be the only image from all the images I uploaded in WordPress, that’s not served over https?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    6 years ago

    The image is now 'http://brightdecide.com/wp-content/uploads/2020/06/ajax-loader.gif. It needs to be https, not http. How did you swap it?

    Thread Starter saib0t

    (@saib0t)

    6 years ago

    I just swaped the link in my css file. The link I set there, is the one you mentioned, but with https. The link WordPress shows me for this file, is a http link (like with any other media I uploaded there). But it’s the only one to be delivered unsecure.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    6 years ago

    Please disable autoptimize for a while so I can look at your raw CSS files.

    Thread Starter saib0t

    (@saib0t)

    6 years ago

    Now it’s working. It seems, that it just took a while.
    By the way, I see. that the error console still shows another error:

    Failed to set referrer policy: The value ” is not one of ‘no-referrer’, ‘no-referrer-when-downgrade’, ‘origin’, ‘origin-when-cross-origin’, ‘same-origin’, ‘strict-origin’, ‘strict-origin-when-cross-origin’, or ‘unsafe-url’. The referrer policy has been left unchanged.

    Any idea what that means?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    6 years ago

    Nope; but it’s not a WordPress thing. 🙂

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Find out which elements are not served via SSL’ is closed to new replies.