Walker News

Disable IE8 Security Warning When Browse Mixed Content Web Page

From security point of view, a web page delivered over HTTPS protocol should not contain any elements loaded from HTTP source.

The reason is simple to understand. Imagine what will happen if the logo of a reputable Internet banking site coming from insecure HTTP source is tampered and replaced with a Bunny logo? That might not pose serious threat to the Internet banking site, but what if a significant banner being replaced with a phishing message?

Although the fault comes from web developer, modern web browsers with security in mind will have to include preventive measure when loading web page with mixed contents (i.e. a secured web page with some resources reference to HTTP hyperlink that transmit content in “plain text” or unencrypted form).

For example, Microsoft Internet Explorer 8 displays this Security Warning message “Do you want to view only the web page content that was delivered securely?” when user access to a secured web page that contains HTTP hyperlinked resources:

IE 8 display Security Warning message when a page contains content that will not be delivered using secure HTTPS connection, which could compromise the security of the entire web page.

However, you might want to disable this “disgusting” security warning message if you’re regularly browsing a known site with web page of mixed content, since you can’t make a call to the site owner and force him to clean up (can you?).

Step to disable IE 8 Security Warning message box

Option to force IE8 enable loading of mixed content web page, i.e. to disable Security Warning message.

1) Open IE 8, press ALT+T to bring up “Tools” menu and select the “Internet Options”. Alternatively, press ALT+T+O, or you can also click the “Tools” icon on the top-right corner followed by “Internet Options”.

2) In the “Internet Options” dialog box, click “Security” tab, select “Internet” security zone (default; if that website is not hosted in Intranet) and then “Custom level” button.

3) In the “Settings” scroll box, look for “Display Mixed Content” under the “Miscellaneous” section and select “Enable”:

4) Click OK button when you’re prompted with another warning that says “Are you sure you want to change the settings for this zone?”.

In my test under Vista SP2 and IE8, this change effective immediately without need of restarting web browser.

Custom Search

  1. IE8 Not Display Gmail Inline Image 10-12-09@01:22

    [...] Or, a hyperlink / URL referring to image hosted elsewhere. Most of the pictures in newsletters or email subscriptions are of this type (such as Walker News email feed), i.e. the images are supposed to be sourced from external sites with reference to the image URLs. When you open an email containing inline images of 2nd type (URL of image rather than attachment), IE8 might display a security warning dialog box as follow, if the image URL is not of HTTPS protocol: By simply hit ENTER key or click Yes button in response to that security warning prompt, IE8 honour the acknowledgment of only showing webpage content that is delivered securely. That is why you only see the image placeholders instead of the images that should be sourced from external sites over the insecure HTTP protocol. How to get IE8 to display insecure inline image when Gmail session is secured by HTTPS protocol? Apparently, you can click No button when the mix-content security warning prompt pops up, which in effect telling Internet Explorer proceed to retrieve and render the images from external sources, regardless over HTTP or HTTPS protocol. Alternatively, you can configure IE8 security settings to always allow mixed-content automatically without asking you to acknowledge it. For reference, refer to an earlier post on how to how to disable IE8 security warning when browsing web page with mixed content. [...]

  2. Azlie 24-06-10@17:25

    Click Tools -> Internet Options -> Security (Tab) -> Trusted Site -> Sites -> Empty Websites Box and uncheck “Require server verification”
    Hope this will help u. Thanks

  3. edwin 05-08-10@01:24

    thank you fineally that secrity is gone about time

2014  •  Privacy Policy