After moving a production site to use HTTPS exclusively (using the excellent IIS URL rewrite module), Internet Explorer 9 drove me nuts with the “Security Information” warning:
“This page contains both secure and nonsecure items. Do you want to display the nonsecure items?”
This was baffling, because the whole site was SSL using a genuine certificate and therefore had nothing nonsecure to send… At least I thought!
(I could get rid of the IE warning on my own machine by dumbing down the security with custom settings. However, I wanted a proper server-side fix.)
What I had missed was a script link in the HTML that someone had inserted:
The fix was to ensure that the link was to Google’s secure CDN:
It would be nice if the Internet Explorer warning included an option to “Show Me What Is Nonsecure On This Page” so we’d know what we’re getting into.
BTW, thanks to Ruslan for his valuable IIS URL rewriter module support blog at http://ruslany.net/2009/04/10-url-rewriting-tips-and-tricks/ .