It drives us all nuts I think. But, I'd be careful about changing those security settings. I'd rather be prompted each time. I want to know what's coming down the pipe at all times and would rather have the option to display or not display the secure content.

Google is notorious for this within their interfaces. Notorious I tell ya!

Google is notorious for this within their interfaces. Notorious I tell ya!

Well, duh? Maybe 'cause they don't know the user implications of calling non-secure elements into a secure environment?

Yeah, PhD's neat, where are the folks that know how the web works?

welcome to WebmasterWorld [webmasterworld.com], aaronmicalowe!

pageoneresults:

You're right to not want to mess with the security settings, but, if you change this setting to Disable it's more secure, and also, for google mail at least, it makes absolutely no functional or asthetic difference to your browsing experience anyway. There may be other less well written websites though that stop functioning if you Disable the non-secure items, but I have yet to find one.

The problem is not that the site will fail to function.

The problem is that if you are visiting a site that is supposed to be secure and is loading items from a non-secure URL, you should want to know about it.

You're right though, most sites that kick this error are loading an image or other object from a non-secure location and it's generally harmless. As a developer, this is an invaluable tool in making sure checkout and other secure pages are working correctly, I'd never turn it off. :-)

if you change this setting to Disable it's more secure

I don't see how you get this logic. When you disable these warnings in this way, you aren't making anything more secure. The insecure items are still loading, it's just that IE is no longer telling you about them. If anything, this makes is less secure because an insecure item may be harmful and you'd never know.

rocknbil:

The setting in question is called, Display Mixed Content. As I understand it this is not a warning setting but controls whether mixed content will be displayed or not. If you Disable this it simply won't load secure and non-secure items on the same page. If you Enable it, it will, and if you set this setting to Prompt, it will ask you first. So, either the whole page has to be secure (https I'm guessing) or non-secure (http) but can't have both when Disabled.

I say, "as I understand it" though, because applying common sense to Microsoft software hasn't always worked for me, but I can be reasonably sure my logic works because if you check all the settings in the security tab, none of them are warnings. These tend to be under the Advanced Tab, e.g. Warn if changing between secure and not secure mode (which incidentally doesn't fix the problem in the original post).