how to track down "this page contains both secure and nonsecure items"

Question

As far as I can tell, there are no unsecure items --- when I browse to the site with IE7 or FireFox 3 I don't get any such warning, but if I hit the site with IE6 I get the security informaiton dialog box "This page contains both secure and nonsecure items Do you want to display te nonsecure items?"

How can I track down the cause of that message?

Answer 1

As it turns out it has nothing to do with nonsecure traffic per se, but with a hack that one of the HTML boys did --- they have an empty iframe (without a source) that they place on the page, so they can then do some placed content on top of that --- gut the iframe out of the code and the warning dialog box went away. IE7/8 and FF doesn't do it.

AFter adding a blank.gif we're able to https to that gif (what a pain) and now it's all good.

Answer 2

Cross-site images often caused this problem for me in the past.

If you are using Firefox, you can use the HttpFox Add-on to do what Eric TenEyck suggested you do with Fiddler.

Plus make sure in your IE7 Security Settings you have Display mixed content set to "Prompt".

Answer 3

Use Fiddler, after clearing your cache. It'll show everything that your web browser fetches from the remote site. Look for anything that's not https.

Answer 4

• Right click on the page. Select "Show source code" (Or similar. I don't have an English IE).
• Search for "http://" and replace it with https:// in your code.

Answer 5

If you have a link that starts with http:// instead of https:// it'll flag those warnings.

The good news is that at least some commercial websites (like Adobe, for Flash) provide https:// versions of their site that redirect to http:// so that you can get around those warnings.

Since you mentioned IE6; I'd also check your security level setting in IE6.