4

Can anyone explain why IE on Windows 2012 doesn't show the lock icon despite using HTTPS when visiting the following site?

https://www.microsoft.com/en-us/default.aspx

Missing lock icon

I am able to see the lock icon on Facebook and any other site.

With lock

makerofthings7

1 Answer

4

It's because the connection is not actually secure: There is an HTTPS error on the page about mixed content. Some data is loaded over HTTP (and not HTTPS), which causes this error. You can see this if you open the page in another browser like Chrome.

Edit: Some more information about mixed content errors, from my answer on this question.

If one of the resources used by the website (such as an image or a script) is loaded over HTTP, the confidentiality cannot be guaranteed anymore. Even though browsers do not send the HTTP Referer header when requesting non-secure resources from a secure page (source), it is still possible for someone eavesdropping on traffic to guess where you're visiting from; for example, if they know images X, Y, and Z are used on one page, they can guess you are visiting that page when they see your browser request those three images at once. Additionally, when loading JavaScript, the entire page can be compromised. An attacker can execute any script on the page, modifying, for example, to whom the bank transaction will go.

When this happens (a resource being loaded over HTTP), the browser gives a mixed-content warning: Chrome, Firefox, Internet Explorer 9

Luc