I have a page under SSL.
However, in IE6 I get a notification:
"This page contains both safe and insecure items," etc.
I looked at all the HTTP requests for this page in both Firebug and Wireshark, and nothing seems to be sent via plain HTTP; all resources are retrieved via SSL/TLS. However, IE6 still gives the insecure notice.
The filter that I use in Wireshark to filter Firefox:
http.user_agent eq "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
For IE only:
http.user_agent eq "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.1; WOW64; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0, InfoPath.2; MS-RTC LM 8; MALC)"
Update:
All three network protocol analyzers (Wireshark, Fiddler, Charles) show that all requests go over HTTPS. IE6, 7, and 8 display "unsafe content" warnings. Does anyone know if there is anything else that triggers this in IE?
Update 2:
Turns out it is tied to some JavaScript:
document.write("<script type='text/javascript' id=__ie_onload defer src=javascript:void(0)><\/script>");
This is IE-specific, for emulating the window.domReady event. The src=javascript:void(0) is what triggers IE to show the insecure notification.
Now I would like to replace javascript:void(0) with an equivalent that does not cause the insecure notification.
These also caused the insecure notification:
javascript:;
about:blank;
This launched the IE version:
''
Any ideas?
JS: http://closure-compiler.appspot.com/code/jscbfa82c39e2e310e33f1786fb9a83f9ee/default.js
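A src of javascript:void(0) or about:blank never produces a network request, so Wireshark, Fiddler and Charles cannot show it; it has to be found in the markup and script source instead. The following is an added example, not code from the post: a small Node.js audit that scans page source, including strings passed to document.write, for such values. The scheme list (the two pseudo-URLs reported above plus plain http:), the function name and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: static audit for src/href values that a packet capture cannot reveal.
// Assumption: flag plain http: plus the pseudo-URL schemes the post reports as
// triggering the notice (javascript:, about:). https: and relative URLs pass.
const SUSPECT_SCHEME = /^(http|javascript|about):/i;

// src=... or href=... with a double-quoted, single-quoted or unquoted value.
const ATTR = /\b(src|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;

// Returns one finding per suspect attribute value, with its 1-based line number.
function findSuspectUrls(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, i) => {
    for (const m of line.matchAll(ATTR)) {
      const value = (m[2] || m[3] || m[4] || '').trim();
      if (SUSPECT_SCHEME.test(value)) {
        findings.push({ line: i + 1, attr: m[1].toLowerCase(), value });
      }
    }
  });
  return findings;
}

// Constructed sample page; line 4 is the document.write call from the post.
const SAMPLE = [
  '<link rel="stylesheet" href="https://example.test/site.css">',
  '<img src="/img/logo.png">',
  '<script>',
  'document.write("<script type=\'text/javascript\' id=__ie_onload defer src=javascript:void(0)><\\/script>");',
  '</script>',
  '<iframe src="about:blank"></iframe>',
  '<img src="http://example.test/pixel.gif">',
].join('\n');

for (const f of findSuspectUrls(SAMPLE)) {
  console.log(`line ${f.line}: ${f.attr}=${f.value}`);
}
```

Running it over the served HTML and every script file the page loads covers markup that is only written into the document at run time.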