[thelist] HTTP links in HTTPS content

John DeStefano john.destefano at gmail.com
Fri Apr 20 13:33:58 CDT 2007

I don't mean to spark a debate; just looking for a solution:

I have an HTTPS/SSL-protected site.  On some pages, there are outside
links to non-protected (http://) pages on other sites.  We're not
pulling content in from these sites, just providing direct links to

Problem is, while some browsers don't mind this, others complain about
"both secure and nonsecure items" and warn the user about visiting a
page with "mixed content", which can not only be disconcerting to
naive users, but downright annoying when the warning is presented on
every page (and multiple times per page when the user browses back and
forth between pages).

MSFT's stance on this seems to be a mandate to site owners: "Don't mix
content."  I think that's overkill and a bit silly: when information
is available on HTTP pages, HTTPS pages should be able to link to them
(note: I'm saying "link to," and not "pull content from"; two distinct
actions), instead of statically copying content from another site.

While I'm interested in experiences with this and opinions, I'd love a
solution that would keep users of certain browsers happy, while not
duplicating content from other sites.


More information about the thelist mailing list