First step for T102367 is to find unsecure resources.
How do we do this? Options I see:
- make a list of tools.wmflabs.org URLs and test them all for unsecure resources with a simple URL fetching script;
- some smart ruby mechanize crawler to test all the domain recursively.