Insecure content is one of those things that can be tricky to find, even though it’s easy to workaround. Let’s start by being clear about what we’re talking about.
This will usually result in the browser not displaying the “padlock” icon in the address bar or even display a “mixed content” or “insecure content” warning. For example, this is what Chrome displays for an image that isn’t secure…
This post is about how you go about finding and fixing those references, so that you’re not relying on the browser or a third party service in order to fix these issues – it would be much better if your website was using 100% secure internal references, and as high a percentage of secure external references as possible as well.
A tool that I like to use is JitBit’s SSL Check. This will crawl your website (up to 400 pages) and return each page that includes one of these insecure references. You can then go to that page, view the page source, and search for “http:”. Now you’ve found them, it’s up to you to make the necessary changes.