Unsecured Content v2

Overview

Version 1 of this script is limited in the type of content it searches for. Version 2 collects all requests made on the page, regardless of file type. Additionally, any request made without a secure connection is identified.

Under Variable Summary report in ObservePoint data, the account Unsecured Content 2 contains the relevant variables.

  • failed: Shows all the URLs and a status of failed. This means that the URL is not secured.
  • nonSecure_Requests.0-xx: Shows the pages that contain unsecured content.
  • nonSecure_Requests.length: Shows the number of unsecured items for each URL.

To capture the following details in an audit or web journey, paste the snippet below into an Execute Action:

function opReqGetAsync(paramObject, acct, callback) { 
var baseURL = "https://opreq.observepoint.com/?acct=" + acct; 
var opReq = new XMLHttpRequest(); 
opReq.onreadystatechange = function() { 
if (opReq.readyState == 4 && opReq.status == 200){ 
callback(opReq.responseText); 
} 
} 
opReq.open("POST", baseURL, true); 
opReq.send(JSON.stringify(paramObject)); 
}function unsecureContentCheck(){ 
var object = new Object(), 
page = location.href, 
allImgs = Object.keys(document.querySelectorAll('img[src]')).map(function(key){return document.querySelectorAll('img[src]')[key]}), 
allLinks = Object.keys(document.querySelectorAll('a[href]')).map(function(key){return document.querySelectorAll('a[href]')[key]}), 
allScripts = Object.keys(document.querySelectorAll('script[src]')).map(function(key){return document.querySelectorAll('script[src]')[key]}), 
regEx = /^https/, 
regEx2 = /^(http:)+.+\.+(txt|cvs|ppt|pdf|doc|docx|xls|xlsx)$/, 
unsecureFiles = [], 
unsecureImgs = [], 
unsecureLinks = [], 
unsecureScripts = [];for (var i = allImgs.length - 1; i >= 0; i--) { 
if(allImgs[i].src.search(regEx) == -1){ 
unsecureImgs.push(allImgs[i].src) 
} 
};for (var i = allScripts.length - 1; i >= 0; i--) { 
if(allScripts[i].src.search(regEx) == -1){ 
unsecureScripts.push(allScripts[i].src) 
} 
};if(location.href.search("https://") == -1) {
for (var i = allLinks.length - 1; i >= 0; i--) {
if(allLinks[i].href.search(regEx) == -1){
unsecureLinks.push(allLinks[i].href)
}
};
for (var i = allLinks.length - 1; i >= 0; i--) {
if(allLinks[i].href.search(regEx2) == 0){
unsecureFiles.push(allLinks[i].href)
}
};
}
object.page = location.href;
object.totalLinks = allLinks.length;
object.totalImages = allImgs.length;
unsecureLinks.length == 0 ? object.unsecureLinks = 'no unsecure links found':object.unsecureLinks = unsecureLinks;
unsecureImgs.length == 0 ? object.unsecureImages = 'no unsecure images found':object.unsecureImages = unsecureImgs;
unsecureFiles.length > 0 ? object.unsecureFiles = unsecureFiles : object.unsecureFiles = 'no unsecure files found';
unsecureScripts.length > 0 ? object.unsecureScripts = unsecureScripts : object.unsecureScripts = 'no unsecure scripts found';

opReqGetAsync(object, "Unsecured Content 2");

};unsecureContentCheck();
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.