Mixed Content in Internet Explorer

I spent a significant amount of time today tracking down a problem on one of our web applications.

One of our customers complained about seeing the infamous This Page Contains Both Secure and Nonsecure Items warning every time they viewed any of the site’s pages with Internet Explorer.

This page contains both secure and nonsecure items

This error occurs when you are viewing a web site over an SSL (HTTPS) connection, but there are one or more nonsecure items on the page.

In the end, our particular manifestation was due to having numerous iframe objects embedded in our pages with their src properties set to either javascript:void(0) or nothing at all.

The fix was to change all of these to use javascript:""; for their src property.

I found several resources online that were helpful in getting to the bottom of this problem:

The first is EricLaw’s excellent blog posting on the subject.

The other is this checklist for ruling out the possible causes.