๐Ÿ”’ Mixed Content Proxy Test

๐ŸŒ Current Page Security

โš ๏ธ Mixed Content Policy

Browser Security Rule: HTTPS pages cannot make requests to HTTP endpoints

๐Ÿงช Mixed Content Tests

โŒ Common Scenarios That Fail

# Page: https://example.com
# Proxy rule: api.service.com โ†’ http://my-proxy.local:8080
# Result: โŒ BLOCKED - Mixed content violation

โœ… Working Solutions

Option 1: Use HTTPS for Proxy Target

# Proxy rule: api.service.com โ†’ https://my-proxy.com
# Result: โœ… WORKS - Both HTTPS

Option 2: Setup HTTPS on Local Proxy

# Use mkcert or similar to create local HTTPS
# Proxy rule: api.service.com โ†’ https://localhost:8443
# Result: โœ… WORKS - HTTPS to HTTPS

Option 3: Browser Flags (Development Only)

# Chrome: --disable-web-security --disable-features=VizDisplayCompositor
# Firefox: security.mixed_content.block_active_content = false
# Result: โš ๏ธ WORKS but INSECURE

๐Ÿ”ง Extension Capabilities

Request Type HTTPS โ†’ HTTP Extension Override
Main Frame Navigation โš ๏ธ Warning shown โœ… Can redirect
fetch() / XHR โŒ Blocked โŒ Still blocked
Images / CSS โŒ Blocked โŒ Still blocked
Scripts / Modules โŒ Blocked โŒ Still blocked