SSL Decryption

Peter Sprokkelenburg
Occasional Contributor

SSL Decryption

I'm in the process of setting up my vTMs to do SSL Decryption for websites and moving the certs off my individual backend servers.

Everything is working, except Firefox, Chrome, Edge, IE etc. are all showing limited content:

"Some unencrypted elements on this page have been blocked"

Do I need a response script to rewrite the "http://" -> "https://"?

The test site is running a default install of WordPress and I've set the WordPress URL to be "https://"

Am I missing something?

2 REPLIES 2
Peter Sprokkelenburg
Occasional Contributor

Re: SSL Decryption

Okay, so after some digging around I was able to find a script that will rewrite the response headers from http: -> https:

# Only process HTML responses; "break" ends the rule for anything else.
$url = http.getResponseHeader( "Content-Type" );
if( !string.startsWith( $url, "text/html" ) ) break;

# Replace every "http://" in the response body with "https://".
$response = http.getResponseBody();
$response = string.replaceAll( $response, "http://", "https://" );
http.setResponseBody( $response );

But I still get a blocked message showing up when I go to a VS that is doing SSL Decryption.

If I go to a site that is NOT using SSL Decryption I don't get any warnings that "Only secure content is being displayed"

Still something missing either in the response script or a setting somewhere.

Anyone else running into this?

jluksch
New Contributor

Re: SSL Decryption

Hello,

Your script only looks for Content-Type "text/html".

Maybe your server returns e.g. the XHTML content types, so the script would not activate?

-> http://www.w3.org/TR/xhtml-media-types/#media-types

Maybe check in your browser (F12 developer tools, etc.) what content type your server is responding with; it could be application/xhtml+xml or application/xml as well.

Then add a log.info() command at the end with some debug notes, so you can be sure that your script is actually active, as you can see the log in the vTM event log.

I would also limit the search/replace string to e.g. "http://www.example.com", including the hostname, because your script replaces *every* "http://", also the ones pointing to external sites, so the script replaces way too much.
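
The suggestions in the reply above (match the XHTML content types as well, log what the rule does, and limit the replacement to the site's own hostname) combined into one TrafficScript response rule. This is an added example, not code from the thread; it assumes the backend writes absolute links using the same hostname the client sends in its Host header, and the "https-rewrite" log prefix is made up for illustration.

```trafficscript
# Response rule for the SSL-decrypting virtual server (added example).
# Assumption: absolute links in the page use the hostname from the
# client's Host header.

$ctype = string.lowercase( http.getResponseHeader( "Content-Type" ) );

# Only touch markup: plain HTML plus the XHTML media types.
if( !string.startsWith( $ctype, "text/html" )
    && !string.startsWith( $ctype, "application/xhtml+xml" )
    && !string.startsWith( $ctype, "application/xml" ) ) {
   # Debug note: shows in the event log which responses were skipped.
   log.info( "https-rewrite: skipped " . http.getPath() .
             ", Content-Type=" . $ctype );
   break;
}

$host = http.getHostHeader();
$body = http.getResponseBody();

# Rewrite only links that point at this site. External "http://" URLs
# are left alone instead of being turned into "https://" blindly.
$rewritten = string.replaceAll( $body,
                                "http://" . $host,
                                "https://" . $host );

if( $rewritten != $body ) {
   http.setResponseBody( $rewritten );
   log.info( "https-rewrite: rewrote links to " . $host .
             " in " . http.getPath() );
} else {
   # Nothing matched: the blocked content comes from somewhere else,
   # e.g. another hostname or a stylesheet/script response.
   log.info( "https-rewrite: no http://" . $host .
             " links found in " . http.getPath() );
}
```

Once the event log confirms which responses are rewritten, the log.info() calls can be removed so the rule does not write an entry for every response.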