Skip to main content
All CollectionsObservePoint Custom Tag
OP Custom Tag - Unsecured Content v2
OP Custom Tag - Unsecured Content v2
Luiza Gircoveanu avatar
Written by Luiza Gircoveanu
Updated over 6 months ago

Overview

Version 1 of this script is limited in the type of content it searches for. Version 2 collects all requests made on the page, regardless of file type. Additionally, any request made without a secure connection is identified.

Under Variable Summary report in ObservePoint data, the account Unsecured Content 2 contains the relevant variables.

  • failed: Shows all the URLs and a status of failed. This means that the URL is not secured.

  • nonSecure_Requests.0-xx: Shows the pages that contain unsecured content.

  • nonSecure_Requests.length: Shows the number of unsecured items for each URL.

To capture the following details in an Audit or Journey, paste the snippet below into an Execute Action:

function opReqGetAsync(paramObject, acct, callback) {
var baseURL = "https://opreq.observepoint.com/?acct=" + acct;
var opReq = new XMLHttpRequest();
opReq.onreadystatechange = function() {
if (opReq.readyState == 4 && opReq.status == 200) {
callback(opReq.responseText);
}
}
opReq.open("POST", baseURL, true);
opReq.send(JSON.stringify(paramObject));
}

function unsecureContentCheck() {
var object = new Object(),
page = location.href,
allImgs = Object.keys(document.querySelectorAll('img[src]')).map(function(key) {
return document.querySelectorAll('img[src]')[key]
}),
allLinks = Object.keys(document.querySelectorAll('a[href]')).map(function(key) {
return document.querySelectorAll('a[href]')[key]
}),
allScripts = Object.keys(document.querySelectorAll('script[src]')).map(function(key) {
return document.querySelectorAll('script[src]')[key]
}),
regEx = /^https/,
regEx2 = /^(http:)+.+\.+(txt|cvs|ppt|pdf|doc|docx|xls|xlsx)$/,
unsecureFiles = [],
unsecureImgs = [],
unsecureLinks = [],
unsecureScripts = [];
for (var i = allImgs.length - 1; i >= 0; i--) {
if (allImgs[i].src.search(regEx) == -1) {
unsecureImgs.push(allImgs[i].src)
}
};
for (var i = allScripts.length - 1; i >= 0; i--) {
if (allScripts[i].src.search(regEx) == -1) {
unsecureScripts.push(allScripts[i].src)
}
};
if (location.href.search("https://") == -1) {
for (var i = allLinks.length - 1; i >= 0; i--) {
if (allLinks[i].href.search(regEx) == -1) {
unsecureLinks.push(allLinks[i].href)
}
};
for (var i = allLinks.length - 1; i >= 0; i--) {
if (allLinks[i].href.search(regEx2) == 0) {
unsecureFiles.push(allLinks[i].href)
}
};
}
object.page = location.href;
object.totalLinks = allLinks.length;
object.totalImages = allImgs.length;
unsecureLinks.length == 0 ? object.unsecureLinks = 'no unsecure links found' : object.unsecureLinks = unsecureLinks;
unsecureImgs.length == 0 ? object.unsecureImages = 'no unsecure images found' : object.unsecureImages = unsecureImgs;
unsecureFiles.length > 0 ? object.unsecureFiles = unsecureFiles : object.unsecureFiles = 'no unsecure files found';
unsecureScripts.length > 0 ? object.unsecureScripts = unsecureScripts : object.unsecureScripts = 'no unsecure scripts found';

opReqGetAsync(object, "Unsecured Content 2");

};
unsecureContentCheck();
Did this answer your question?