Can I get rid of the "This page contains both secure and nonsecure items" warning?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Summary: "Secure and nonsecure" items is most often the result of bad web page design. As a user it's difficult to avoid without lowering your guard.

Not that I'm aware of, and not that I would want to. Not being notified is in fact a security risk when visiting sites you don't already know and trust. For the sites you do trust, the message results from bad site design on their part.

Update
Thank you to a few readers who posted a solution to avoiding the warning:

When you receive the error message, click Yes.
In Internet Explorer, go to Tools, Internet Options, click the Security tab; make sure that in "Select a zone..." window that Internet is selected.
Click Custom Level and scroll down about half way to "Display mixed content" in the Miscellaneous section.
Change it from Prompt to Enable.
Click OK, Yes, and OK. The change should take effect immediately.

•

Related:

How do I stop constant runtime error messages in Internet Explorer? It's common to see runtime errors when visiting web sites in Internet Explorer. Unfortunately your options to deal with them are somewhat limited.
IExplore.exe has generated an error. Now what? IExplore.exe, aka Internet Explorer or 'IE', can crash but it's not always its fault. We'll look at some of the things that can cause IExplore.exe to crash, and steps you can take.

Article C1951 - May 27, 2004

Recent Comments

59 Comments

"This page contains both secure and nonsecure items" THANK you! This worked EXACTLY as the article described. And it was immediate. I opened a tab and surfed to a site I use MANY times daily where I got that inane prompt. I did not get it after following the aritcle simple steps. ALL "fixes" should be this easy and this effective!

Posted by: Mike Blevins at August 13, 2008 4:16 PM

After reading the comments, I realized what
was causing the problem. I am testing a new
page on a secure web site. But I left my
base anchor specification to point to a file on
my local "C" drive.

By changing my new page's HREF in the element to point back to the website I was able to eliminate the nagging messages.

I have references to both HTTP and HTTPS on my
web page, all going back to the original website.
It does not cause that nagging message. It probably (among other causes) occurs if the page has a reference is to some location outside of the website from which the origianl page comes.

Posted by: Just-a-guy at August 19, 2008 5:07 PM

I tried all of the client side settings for Internet Explorer in these articles and none of it worked. What did fix the problem was re-creating the user's profile on the machine. I realized this after logging myself into the workstation and let the user login to the sites that were getting the error and the error did not re-occur

Posted by: Wallace Woodard at December 30, 2008 7:48 AM

I tried the readers' suggestion to change the 'mixed content' setting. It worked great! Thanks - this has been a nuisance with that annoying message on Amazon.

Posted by: D Hickman at March 9, 2009 8:44 PM

I agree with the developer in that sometimes this is unavoidable and not necessarily bad design. This happens with google maps for me too.

To resolve in IE7 with google maps issue, I have added both the main site AND the "nonsecure" site to trusted zones, and set the option appropriately.

This means my trusted zones contains

https://mydomain/
http://maps.google.com/

This means unchecking the "sites in this zone require https" option.

Posted by: Simon at March 16, 2009 5:20 AM

Doesn't work in IE 6.0.3790 - happens for me with a site that is in a Trusted zone, and for Trusted Sites, showing Mixed Content is already set to "Enable" (I checked). Need another theory.

Posted by: Tom at March 24, 2009 2:32 PM

Ok, I am receiving the same dreaded message however as we are affliated with the Government, our Internet Security settings have been disabled. Now I have checked all through the source code (HTML, CSS and Javascript files) and all references to items are either relative or if they are absolute, they are https://.....

Any suggestions? Please

Posted by: Ian Wright at June 16, 2009 9:19 PM

Yes, in Internet Explorer the security tab is blocked and I cannot change any settings. What am I to do next?

Posted by: Anneline at September 28, 2009 3:19 AM

Hi All,
I was able to get rid of the problem. Following are my comments or suggestions on this -
1. If at all you are including other jsp, js, images and css files, do not specify the full URL like "http:\\ ... ". Try giving the relative path / context path.
2. If you are using IFRAME, donot miss to specify SRC attribute or leaving it empty. Give some blank page url atleast or hide it in the page.
3. Changing the IE Settings to eliminate the alert does help, but this is not a correct solution. Client may come back and say he is not ready to do this. And more over what if the application is being used by 1000+ users. You cannot just shoot an email to all and because of these settings, they cannot view alerts from other secured sites too.

Posted by: Vikram Reddy Tummala at October 30, 2009 8:17 AM

How can i make disable this messages by programming in VB.NET.

Posted by: Arunangshu Sarkar at November 20, 2009 11:05 AM

See all 59 comments...

Post a comment on "Can I get rid of the "This page contains both secure and nonsecure items" warning?":

Name: (Required) Email Address: (Required) (Email Address will not be published.) Remember Me? YesNo	By popular demand... my tip jar Buy Leo a Latte!
Comments: (you may use HTML tags for style)	Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!

Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure