Fixing the IE 8 warning – ‘Do you want to view only the webpage content that was delivered securely?’

calendarApril 23, 2009 in HTTPS , Internet Explorer

In a previous blog post, we talked about the problem of using HTTP based resources, such as images, on a secure HTTPS page. Internet Explorer interrupts the download and displays a confirmation dialog whenever it detects the use of mixed content on a secure page.

In IE 7 and ealier, this dialog would cause annoyance to users but generally didn’t cause any other significant problems. This was because it was worded in such a way that most users would click on the Yes button and allow non-secure content to be downloaded.

However, the wording in the IE 8 version of this dialog has changed:

IE8 Security Warning

To download the content a user would now have to click on the No button. As we know, most people using the web only scan text and avoid reading it if at all possible! They will usually go for the Yes button if there is not an OK button.

Some sites are going to find that their secure pages in IE 8 have the following problems:

  • Any non-secure HTTP image beacons used for analytics data gathering will often be ignored
  • The page may not display or even work correctly if it relies on non-secure images, CSS or Javascript

Therefore, avoiding mixed content on HTTPS pages is even more important now that IE 8 has been released. It often becomes an issue when using third party services such as analytics or Content Delivery Networks (CDN). For example, we avoided the use of Google hosted Ajax libraries on our site until Google added HTTPS support.

As mention in the previous blog post, an IE user you can disable this warning by:

  1. Going  to Tools->Internet Options->Security
  2. Select the Security tab
  3. Click on the Internet zone icon at the top of the tab page
  4. Click the Custom Level button
  5. In the Miscellaneous section change Display mixed content to Enable
  6. Repeat steps 1 – 5 for the Local intranet and Trusted sites zones

However, if you are developing a web site you can’t expect your visitors to do this. It is better to fix the cause of the problem so that the warning is not displayed by default in IE 8. The only way to do this warning is to ensure that your HTTPS pages only access embedded resources using the HTTPS protocol. You can do this by following these steps:

  1. Use a sniffer like HttpWatch that supports HTTPS and shows files being read from the browser cache. The free Basic Edition is sufficient for this because you only need to see the URLs being accessed.
  2. Access the page causing the problem and click No when you see the security warning dialog.
  3. Any HTTP resources shown  in the HttpWatch window are the source of the problem; even if they loaded directly from the browser cache and didn’t cause a network round trip:Mixed Content in HttpWatch
  4. If you don’t initially see any HTTP based resources, try refreshing the page because a non-secure image may have been retrieved from the IE or Firefox image cache

EDIT #1: If you are a web developer trying to track down why your page causes this warning please also take a look  at http://blog.httpwatch.com/2009/09/17/even-more-problems-with-the-ie-8-mixed-content-warning/ where we cover some javascript snippets that can also trigger this warning. The comments section of both of these posts also contain useful information where people have found and solved related issues.

EDIT #2: Updated instructions to apply the change to all network zones

267 thoughts on “Fixing the IE 8 warning – ‘Do you want to view only the webpage content that was delivered securely?’

  1. Chic Bowdrie says:

    This warning has only recently been popping up on my financial sites and I haven’t changed anything on IE for a long time. Is it possible that my computer was hacked? Is this fix the same thing as clicking “No”, ie allowing insecure items, enabling adverse consequences, etc?

  2. David says:

    This was very helpful for me. Thanks.

  3. Kansas says:

    Select No. Often times only certain info on websites is secure (encrypted) – like your name or credit card info. Other information is (insecure) not encrypted, for instance – the navigation menu and the site logo.

    So in order to ensure a normal browsing experience – Select “No” This will both display both the secure and unsecured content, meaning Mixed.

  4. Tom says:

    THANK YOU. I was not able to get onto Bank of America after re-installing XP on my computer. Their tech support had no clue whatsoever. You saved me pain and heartache.

  5. JD says:

    THANK YOU!! For some reason I was getting this any time I ran a search in Google (which I do a lot for my job), but no other time. This fixed it.

  6. ANN says:

    THANK YOU SO VERY MUCH. THIS WAS JUST A HASSLE TO CONSTANTLY CLICK “NO.” I DON’T HAVE TIME FOR HASSLES.

  7. nora says:

    THANK YOU! What a pain it was – you helped. Thx.

  8. IRA says:

    THIS WORKED GREAT!

  9. k villard says:

    MANY THANKS FOR POSTING THIS FIX…WORKS PERFECTLY :)

  10. shakeel says:

    THERE IS NO SECURITY RAB UNDER “TOOLS”–> INTERNET OPTIONS

  11. Ali says:

    Good Job :)

  12. Ken says:

    Thanks!!

  13. JoeR says:

    Yes, thank you! This fixed the problem for me too.

  14. Kishia says:

    Thank you so much! Our IT guy forgot how to set that and it’s our internal website that’s causing the pop up!

  15. Maureen says:

    t doesn’t work for me. After clicking’no’ I get a message ‘Internet Explorer’ cannot open this website and then I’m stuffed.

  16. klk says:

    Thankyou soo much.

  17. Bal says:

    Hi I just want to say that I was totally exasperated yestreday as I couldn’t go onto my account to give my electricity reading online to edf.fr Having googled the problem several times and not getting anywhere this morning decided to google why I was getting the security warning and hey presto followed your instructions and have just been able to get onto their site etc. Thank you what a genius!

  18. Sue says:

    Thank you. This has been bugging me for the last 2 months. Works like magic now, thanks!

  19. Rachel says:

    Thanks – That solved a very annoying problem.

  20. Ahmed says:

    That rally was a great fix. Thank You.

  21. Anony says:

    Thank you. This is exactly what I was looking for.

  22. Paul says:

    Thank you very much. This was VERY helpful.

  23. Anonymous says:

    You are truly amazing. Thank you.

  24. Edward says:

    Thank you very much. It’s work!!

  25. darek says:

    Thank you. This is exactly what I was looking for

  26. Marie says:

    You are a genius! I was going crazy scanning for viruses & basically bothering people online for help. No one told me about this. They were all scratching their heads. I still don’t understand this all of a sudden started happening. So stupid & lame to cause people unnecessary grief, stress! But thank you!

  27. Bob says:

    I tried this a number of times – restarted my computer and I still get the warnings – very frustrating!

  28. Ash says:

    Thanks a ton. Saved me a lot of pain and hair ripping frustration! God Bless

  29. Pat says:

    Hi, Im confused, This does what it is meant to in terms of identifying the http request which is causing the error message to appear but how exactly does this solve the issue..

  30. TraciS says:

    Thank you SO much!!! I was so annoyed with that aggravating message.. Worked like a charm.. I appreciate you brainiacs so, so very much! What would the world be like without you all!

  31. VD says:

    Thanks a ton! that annoying message has finally gone..

  32. Sekula says:

    I’ve put ‘Display Mixed Content’ to disabled.
    Logon page now has nothin else but logon window, and workd perfectly.
    Why do you think people should select enable?

  33. Young Grasshopper says:

    I love the Internet. Thanks!

  34. Leeanne says:

    The pop-up stopped but when I try to access sites from a google search the link reports back to the google homepage

  35. Jack says:

    Precious help, Thanks a million it works like a charm.

  36. shireesh says:

    Thanks a lot.

  37. S says:

    This worked…thanks so much!

  38. Pawan Pareek says:

    Thank you very much sir/mam..

  39. Paul says:

    Yeaaay! Thank you!

  40. Hang Le says:

    That’s great. Thank you so much!

  41. hasitha says:

    thanks.it worked.

  42. elle says:

    Thanks so much! I am also tired of constantly clicking that box that I think, being a computer, should automatically remember what it’s supposed to do after the 1st click to begin with !

  43. Mike says:

    I was having an issue with customers declining to make payments through my website because of the Security Warning. Using your methods above, I was able to quickly and easily identify and fix the issue.

    My template was including two googlecode scripts:

    and

    Adding an “s” to the end of “http” in both links fixed the issue.

    NO MORE SECURITY WARNING POPUPS.

    Thanks so much!!!

  44. Abhi says:

    Great, Thank You so much :)

  45. jessiebecks says:

    This was so annoying I downloaded Google Chrome and I did not get the message then but I prefer IE

  46. ronthedon says:

    Thanks for the excellent write up. Saved me from looking into each and every corner trying to fix this.

  47. prabu says:

    tnks

  48. R Mack says:

    Thank you :-) One more frustration defeated.

  49. Jersey Joker says:

    … and ANOTHER happy customer – this WAS extremely helpful. Also enabled “Mixed Content” under misc, which seems to have cleared ALL my “pop-up” issues.

    Thank you!

  50. doron says:

    thanks

Got Something to Say?

Your email address will not be published. Required fields are marked *

Ready to get started? TRY FOR FREE Buy Now