Unsecured Content v2
Overview
Version 1 of this script is limited in the type of content it searches for. Version 2 collects all requests made on the page, regardless of file type. Additionally, any request made without a secure connection is identified.
In the Variable Summary report in ObservePoint, the account "Unsecured Content 2" contains the relevant variables:
- failed: Shows all the URLs and a status of failed. This means that the URL is not secured.
- nonSecure_Requests.0-xx: Shows the pages that contain unsecured content.
- nonSecure_Requests.length: Shows the number of unsecured items for each URL.
To capture these details in an audit or Journey, paste the snippet below into an Execute Action:
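/**
 * Send a JSON report to the ObservePoint collection endpoint.
 *
 * @param {Object} paramObject - Report payload; serialized with JSON.stringify.
 * @param {string} acct - Account name placed in the `acct` query parameter.
 * @param {function(string)=} callback - Optional; receives the response text
 *   once the request has completed with HTTP 200.
 */
function opReqGetAsync(paramObject, acct, callback) {
  // Encode the account name: it is caller-supplied text (the value used below
  // contains spaces) and must not be able to add or alter query parameters.
  var baseURL = 'https://opreq.observepoint.com/?acct=' + encodeURIComponent(acct);
  var opReq = new XMLHttpRequest();
  opReq.onreadystatechange = function () {
    var isDone = opReq.readyState === 4 && opReq.status === 200;
    // The callback is optional. Calling it unguarded threw a TypeError on
    // every successful response when the caller passed none.
    if (isDone && typeof callback === 'function') {
      callback(opReq.responseText);
    }
  };
  opReq.open('POST', baseURL, true);
  opReq.send(JSON.stringify(paramObject));
}

/**
 * Scan the current document for resources and links referenced over a
 * cleartext scheme and post the findings to the "Unsecured Content 2" account.
 *
 * Scope: only <img src>, <script src> and <a href> elements present in the
 * DOM when this runs are inspected. Stylesheets, iframes, media, srcset,
 * CSS url() references and XHR/fetch traffic are not seen by this function.
 *
 * The report carries the page URL and every flagged URL verbatim, query
 * strings included, so anything placed there (tokens, identifiers) is sent
 * to the collection endpoint as well.
 */
function unsecureContentCheck() {
  // Only cleartext transports count as unsecured. Testing for "does not start
  // with https" also flagged data:, blob:, mailto:, tel: and javascript: URLs.
  var cleartextScheme = /^(?:http|ftp):/i;
  // Documents linked over plain HTTP. "csv" is added next to the original
  // "cvs" (kept for compatibility), and a query string or fragment after the
  // extension no longer hides the file from the check.
  var cleartextFile = /^http:[^?#]*\.(?:txt|csv|cvs|ppt|pdf|doc|docx|xls|xlsx)(?:[?#]|$)/i;

  // Query the DOM once per selector instead of once per matched element.
  function toArray(nodeList) {
    return Array.prototype.slice.call(nodeList);
  }

  // Return the URLs in `attr` that match `pattern`. Elements are walked
  // last-to-first so the report keeps the ordering it has always had.
  // RegExp.test coerces non-string values (for example the href object of an
  // SVG <a>) instead of throwing on them.
  function collect(elements, attr, pattern) {
    var hits = [];
    for (var i = elements.length - 1; i >= 0; i--) {
      var url = elements[i][attr];
      if (pattern.test(url)) {
        hits.push(url);
      }
    }
    return hits;
  }

  var allImgs = toArray(document.querySelectorAll('img[src]'));
  var allLinks = toArray(document.querySelectorAll('a[href]'));
  var allScripts = toArray(document.querySelectorAll('script[src]'));

  var unsecureImgs = collect(allImgs, 'src', cleartextScheme);
  var unsecureScripts = collect(allScripts, 'src', cleartextScheme);
  var unsecureLinks = [];
  var unsecureFiles = [];

  // Links are examined only when the page itself is not served over HTTPS.
  // location.protocol is used because searching location.href for "https://"
  // matched that text anywhere in the URL, e.g. inside a query parameter.
  // NOTE(review): cleartext links on HTTPS pages are therefore never
  // reported - confirm that this is intended.
  if (location.protocol !== 'https:') {
    unsecureLinks = collect(allLinks, 'href', cleartextScheme);
    unsecureFiles = collect(allLinks, 'href', cleartextFile);
  }

  var report = {
    page: location.href,
    totalLinks: allLinks.length,
    totalImages: allImgs.length,
    unsecureLinks: unsecureLinks.length > 0 ? unsecureLinks : 'no unsecure links found',
    unsecureImages: unsecureImgs.length > 0 ? unsecureImgs : 'no unsecure images found',
    unsecureFiles: unsecureFiles.length > 0 ? unsecureFiles : 'no unsecure files found',
    unsecureScripts: unsecureScripts.length > 0 ? unsecureScripts : 'no unsecure scripts found'
  };

  opReqGetAsync(report, 'Unsecured Content 2');
}

// Runs as soon as the snippet is evaluated in a page; skipped where no DOM exists.
if (typeof document !== 'undefined') {
  unsecureContentCheck();
}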