A default installation of Internet Explorer 8 has some security settings that can be annoying at times though technically they are the correct way to have things configured. One that will pop up a lot if the default settings is left untouched the the display of “mixed content” or display a HTTPS URL that has HTTP content mixed into it. Technically when visiting a secure webpage being delivered over SSL there should not be any HTTP items on the page as it leaves the door open for a security breach. The problem is there are a ton of web sites out there that display mixed content.
**NOTE: This setting is the same for the Windows XP 32-Bit and Windows 7 64-Bit versions of Internet Explorer 8.
Mixed Content Display Error Prompt:
This prompt can either be disabled to never ask and at the same time never show non secure content on secure pages or you can enable the ability for the browser to display mixed content on secure pages. Even though it is not the correct way to do things I allow the browser to display mixed content .
To Modify the Display of Mixed Content Prompt Follow the Below Directions:
- Internet Options: Click on Tools in the top navigation and select Internet Options from the drop down.
- Custom Level Security: Now click on the Security tab and then click the Custom Level button near the bottom of the Security tab.
- Modify Mixed Content Prompt: Scroll down to the Miscellaneous section where you can select Disable, Prompt, or Enable for the “Display mixed content” option as shown in the below image.
- Save Settings: Once you have made your selection click the OK button, then the Apply button, and then the OK button to close Internet Options.
Restart your browser for the changes to start working. You will no longer get the prompt if you changed to Disable or Enable however if Disable was selected some pages may be missing images or other objects. If you did select Disable know that you made the correct choice when it comes to being secure online.
ASUS Eee PC 1000HE 10.1-Inch Black Netbook (Personal Computers)
|
||||||||
Windows Internet Explorer 8: Introductory Concepts and Techniques (Available Titles Skills Assessment Manager (SAM) – Office 2010) (Paperback)
|
||||||||
i am pretty much satisfied about the features and stability of Internet Explorer 8. it is much better than IE6 or IE7.
Hello Taylor,
I agree. I use a bunch of different browsers for different things. As far as IE goes I am currently using IE8 as well though I find Firefox better for some tasks, Opera better at others, and Safari better at others.
Thanks.
alex
Internet Explorer 8 seems to be the best browser for me. I can open more than 20 windows simultaneously without crashing. IE7 and IE6 is unstable that if you open more than windows at a time it just freezes or causes the blue screen.
Hello Acnerdz,
There is no question that IE8 is going to be better over time. I think some people are having trouble getting used to some of the changes with Internet Explorer 8 however over time they will get used to it.
Thanks.
alex
Internet Explorer 8 is so much better than the previous version of internet explorer browser. it is more stable and loads faster.
Hello Pamela,
I agree. I don’t like some of the addons that are installed by default like the phishing filter, the accelerators, etc. however since you can disable all of these you can definitely make IE8 really quick. I am a big fan though in general of IE8 at this point and it is my primary browser though for troubleshooting web applications I use every major browser since they all have benefits versus each other. Thanks for leaving feedback.
Thanks.
alex
That work fine, but if we want to evaluate that on server side then how can we do?
Hello Gayatri,
You would need to find any content that is being served as HTTP versus content served as HTTPS. A guess would be that images or something are being referenced as HTTP and the page itself is served as HTTPS.
Hope that helps.
Thanks.
alex
Hi alex,
I am getting an above error while displaying pages in IE8. So i want remove that message through code level.So can you suggest me any solution, As above solution work but it is not proper solution.
Thanks,
Gayatri
Hello Gayatri,
Please see the notes in the comment above.
Thanks.
alex
Hello Alex,
Yes you are right the pages content images, banners that are coming from a server that is not secured but i want to remove Pop of ” Do you want to view only the webpage content that was delivered securely?”.So how can i do with respect to coding?
Thanks,
Gayatri
Hello Gayatri.
I don’t know of a way to do this and would suggest against it. If data is transferred non securely this opens the door to people stealing information which is why this warns in the first place. The correct solution is to serve the ads over HTTPS.
Thanks.
alex
Hi alex,
In my application macro-media flash player uses http instead of https. so i have remove http & add https now its working fine.Thanks for your help.
Gayatri
Hello Gayatri,
Great news! Thanks for taking the time to follow up and let us know what resolved the issue!
Thanks.
alex
Well, i changed these settings in Internet Zone & the Trusted Sites Zone. Even though i was facing issue in Trusted zone, i had to change it in both of them to take effect.
Interestingly though, i never saw this pop-up before installing DivX on my system. Probably it triggers some security check mechanism in the browser.
Hello Naimesh,
Maybe there was something Divx related. Thanks for taking time to post your experience.
Thanks.
alex
Hi, I found a solution. It is impossible to publish a site where the User is told they have to (in their view) lower their security settings to use it , or even change anything to use the site – in my case a shop where web banners are blocked from view as soon as User logs in and non-image content is delivered via secure server and all banner images are blocked from view.
Google Analytics modified this code to overcome the issue, see
Hope it works for you. Please give feedback to say if does for you.
Hello Jonathon,
The issue can occur for many things which could include banners served over HTTP and not HTTPS. While I agree that you should not run a site expecting people to change their IE security settings this article was simply a information bit on how to modify the settings if you wanted to. It is definitely insecure and not recommended to do so. If you are a site admin you should make sure all content is served securely over HTTPS so users don’t run into this issue.
Thanks for taking the time to note your experience.
Thanks.
alex
Hi, apologies, I made a hurried post to your thread while in midst of a stressed resolution my shop site banner problem – intended to give help to thread readers. To clarify, any inference of ‘not the way to do things’ that I made was not aimed at this thread or any in it. If I attacked anyone, it would be Msoft for failing to understand how people run websites and content, as opposed to their assumption of it.
Wile I am am an IE ‘aficionado’ since its original issue, I have to say that Chrome, Ffox, Opera, Safari and probably others allow mixed secure / non secure server content to be served by default to same page. I have seen malware images served from secure servers, so why does Msoft bother to protect the unprotectable – unless I am missing something. A better way would be for the dialogue warning box to say “Warning – to block insecure content, click yes” with the default being to serve it mixed.
I haven’t looked to see how it is dealt with in the new IE9. I am p*****d off that IE9 does not support XP 64bit which I run and very happy with. Guess I have to go to Win7 x 64. Is should be bug fixed by now I hope.
Rgds Jonathan
Hello Jonathan,
No worries. I got the gist from the original post. I believe the point behind the warning is simply to make the unaware… aware of the security flaw of serving secure pages with non-secure data. Really any pages secured via HTTPS should not include banners in the first place especially if they are served from a location that you have no control over.
No worries also on the “not the way to do things” as I did not take it in a negative way. I think the above argument could be made in both directions however I personally would say that non-secure content should not be served over secure pages regardless of what it is. If the non-secure data is necessary then it means that the data being served on the page is not worth being secured in the first place.
If you get stuck in a bind, which it sounds like you are regarding the banners, where something you serve on these pages happens to be controlled by a third party then I would pressure the third party to provide a solution. It might be that they provide banners securely and non-securely? If so then you could write a simple script to wrap around the banner code/url and say if http then banner URL equals http://XX and if https then banner URL equals https://XX. I am sure you know all of that so I am pointing it out for anyone else that reads the comments here… :)
I will definitely agree on the fact of protecting the unprotectable… I don’t think you are missing anything at all and I could see the popup warning but again I think the philosophy here is to not serve the mixed content simply because everyone would click X to serve up all content regardless of it is secure or not…
Anyhow we could go round and round in circles about all of this all night and again I think both sides have valid points. I appreciate you taking all of the time to expand on your first post.
Thanks.
alex
PS – for understanding, it’s not simply a matter of managing the content properly. My banner issue is that the banners (270 of them) are from a merchant affiliate company, the banners have a tracking code for commission purpose. The banner image is served from a url addressing the affilate organisation’s own servers. The banner is entered into my site by using the url on an image placeholder.
I can neither access the banner image for upload to be served from our secure server, not make the company with the source server chnage theirs to https protocols. So, I am a bit stymied. Looking at the countless results for this problem that Google brings, I am not alone.
Rgds Jonathan
Hello Jonathan,
Have you tried contacting the third party company? I would imagine they have some sort of solution here since you cannot be the first person having this issue.
Once you do have a solution in place we would love to hear what it is.
Thanks.
alex
Bravo kind person! I have searched high and low for a solution to one question – Will disabling Display Mixed Content show only HTTP secured pages and not show unsecured content?
Most all the other websites I have visited for this answer only show how to enable mixed content to stop the crazy A box from showing up, BUT this can be dangerous! I only want secured pages and if a page somehow won’t show up right I can always go in and enable it temporarily. You answered my question and you deserve the TrueGeek award.
Many Thanks!
Hello CeCe,
Heh thanks! Glad to hear the information helped you out. It sounds like in your case you want to leave the setting as Prompt so you will be warned of non-secure content attempting to be displayed. That way on a case by case basis you can either display the content or not. Typically the non-secure content is an image or set of images that lack the proper relative links but the safest bet is always to not display such content. Anyhow thanks for taking the time to leave feedback and thanks for the recommendation for TrueGeek award. :)
Thanks.
alex