For some reason Internet Explorer (see UPDATE below about Netscape) is unique among browsers in having an annoying popup warning box anytime a web page viewed over a secure HTTPS connection contains any content that is not secure. It can be triggered by an image in an email message, or an advertisement on the page, which obviously presents no security risk. If you've ever seen this popup you know what I mean:
*** This image is part of this post, not a real popup. Clicking won't make it go away. ***
In Web Mail some users choose the option under "Preferences / Web Mail Options" to use a Secure Session. If you are seeing the mixed content warning, then you have changed this setting. This option is handy for users who are on shared local networks with other users, or on a wireless connection, and don't want their browser traffic (and email) to be susceptible to snooping by a clever hacker. The secure session encrypts the connection to the Web Mail server and protects the content to and from your browser. Users not in one of these scenarios don't have much real use for this setting, other than perhaps a feeling of increased security (usually a misconception), at the expense of slightly lowered performance. That's why we default it to Off. (Note that the login page is always secure to protect you).
A side effect of using the Secure Session option in Web Mail, is that our ads, and content of your own email messages, will often cause this annoying popup message if you use Internet Explorer. The message is pretty useless and fortunately it can be turned off. To disable the message, follow these steps:
- Click the Tools menu, then Internet Options.
- Select the Security tab at the top, then click the Custom Level button.
- Scroll down about halfway to the Miscellaneous section and look for the setting for "Display Mixed Content".
- Select the Enable option.
Now you won't have to deal with that annoying (and for most users completely useless) popup message anymore. If you are a rare user for whom this is actually an important warning, you know who you are, and you will know what is best in your own situation. The rest of us will just turn it off.
UPDATE - I've found that Netscape also has a similar setting, but it doesn't come up as often as it does in Internet Explorer. To disable it in Netscape 7/8 go to Edit / Preferences / Privacy and Security / SSL - and uncheck the bottom box that says, "Viewing a Page with an encrypted/unencrypted mix."