Mixed content and Internet Explorer 8.0

Hi everyone!

My name is Anshu. I am a support engineer in the Internet Explorer Core team at Microsoft. Today in this blog I am going to talk about a change in Internet Explorer 8.0 with respect to a setting related to security zone called “Display mixed content”.

Now to take you back in IE 7 when we go to an HTTPS page that has non-secure HTTP content we get to see a dialog box asking

“This page contains both secure and nonsecure items. Do you want to display the non secure items”

By clicking Yes, I will ask it to display the mixed content.

To Disable/ Enable/ Prompt the “Display Mixed Content”, click on Tools | Internet Options. In the Internet Options dialog, click the “Security” tab. Pick the zone that you want to change the setting for and click the “Custom Level” button. In the Settings area, scroll down to the “Miscellaneous” section and modify the area highlighted in the dialog show below.

clip_image001

..And the dialog which comes in IE 7

clip_image002

The reason for the warning is that you’re on an SSL-secured (https protocol) page that is attempting to load non-SSL (http protocol) content. Something to note is that the dialog does not prompt if you’re on an HTTP page and you request HTTPS URL.

Hypertext Transfer Protocol Secure (HTTPS) is an Application Layer protocol  that is a combination of HTTP and SSL (Secure Socket Layer) or TLS (Transport Layer Security).  HTTPS connections are used for secure transfer of data between the website and the client. Messages are secure since the HTTP message is encrypted via SSL or TLS and then sent on the network/internet. When the message is received by the addressed station, it decrypts the message.

The dialog was changed in IE 8 to encourage users to make the more secure choice by selecting ‘yes’.  Selecting ‘yes’ to the IE 7 dialog resulted in showing both secure and non-secure content.

clip_image004

Note:   Please consider the security implications outlined within the dialog before honoring the dialog request.  The Security dialog is being presented for your information and protection.

We changed the wording of the mixed content (The mixed content refers to HTTP and HTTPS content ) warning dialog to "Do you want to view only the web content that was delivered securely?" The buttons are "Yes/No".

If you want to display mixed content in IE 8 you should click "No". The previous versions of IE asked the user "Do you want to display the secure and non secure content?" You click "Yes" If you want to display mixed content.

Well, that’s all for today.  Thank you so much for you time!

Regards,

The IE Support Team