External CSS and JS loaded over HTTP instead of HTTPS

[command-tab]

trafficstars

While running Safari Technology Preview 14 on OS X El Capitan 10.11.6, sqltap loads several external CSS and JavaScript resources over HTTP instead of HTTPS. When the instrumented web app is running over HTTPS, the non-HTTPS resources requested by sqltap are refused by the browser:

Would it be possible to make external resources always load over HTTPS, or ship them within sqltap?

Thanks so much for making such a great tool. It's one of my go-to debugging tricks!

Update: Chrome 53 behaves in the same way, but additionally reports that sqltap is insecurely loading the parent site's favicon.

[inconshreveable]

Happy to take a PR for this, it seems like a great idea.