Walker News

Why IE8 Displays Security Warning When Loading HTTPS Page?

Precisely, the previous post is about how to suppress IE 8 security warning message when loading a HTTPS web page that contains insecure HTTP resources (i.e. mixed content). But, that post also overloaded with “non-relevant” information.

Here, I would like to share with you better reference from MSDN, about why IE8 would like to display such security warning message box, which could be very annoying if you regularly visit to a known, secured web site with mixed content.

As said earlier, mixed content is a result of web developer, for some reason (lazy, inexperience, careless, preference?). However, a secure web browser has to be rigid when dealing with web page that could compromise security.

According to Eric Lawrence, the final decision of having IE 8 defaulted to a better-than-IE7 mixed content warning message box is still a modal dialog box, but updated with better and more meaningful alert message:

IE 8 display Security Warning message when a page contains content that will not be delivered using secure HTTPS connection, which could compromise the security of the entire webpage.

Can’t IE8 default to load HTTPS-only content and silently drop resources from the unsecured HTTP hyperlink? The answer is apparently NO, as this measure might break the web layout and mislead users to believe the new IE8 is really suck :-)

If you’re advanced geek and pretty sure the page with mixed content you’re accessing is trusted, and found the security warning kinda “disgusting”, you can force IE8 to suppress it, by setting Tools > Internet Options > Security > Internet Zone > Custom level > “Display mixed content” option to “Enable”.

Custom Search

2014  •  Privacy Policy