browser-security

I'm working on an ecommerce application that has many HTTPS-only areas. This particular error only happens in IE (10 at least, haven't tried others) and it only happens on one HTTPS page in the entire application. From research, I gather this is IE's mixed-content warning. This is very confusing because IE is the only browser that has any issue with this page. All other relevant browsers don't complain about any mixed content. Can anyone shed some light on what sslnavacancel.htm is? Or, how to drill down further to get an idea of what resource may be actually causing this problem? Thanks in

What's the most efficient way to find a list of all non-HTTPS URLs requested by an HTTPS page? If this kind of security violation happens, every browser alerts the user, but I can't find an easy way to find what exact URLs cause the violation. The easiest way I've found so far is to use Firefox, but even then it's still not very convenient. First, I can right-click, select View Page Info, click the Media tab, and scroll through a list of URLs. However, this seems to only list image files, not CSS or JS includes that can also cause the error. For those, I have to use the Firebug extension,

I was trying to include JQuery on an existing website using console this way: var script = document.createElement('script'); script.src = 'http://code.jquery.com/jquery-1.11.1.min.js'; script.type = 'text/javascript'; document.getElementsByTagName('head')[0].appendChild(script); Then I got this error: Content Security Policy: The page's settings blocked the loading of a resource at http://code.jquery.com/jquery-1.11.1.min.js .. During development I might want to include external Javascript. I might not want to copy paste the entire JQuery code since it does not look neat. How to override the