I wonder why browsers still insist on flagging this behavior as particularly insecure. A https site can be perfectly secure and still reference images on a non-secured HTTP server, while (on the other hand) no amount of cryptography can protect the user if the site is not coded securely.
If my bank chooses to serve up a logo from a non-secured CDN, I'll just have to trust them that this makes sense. Just as I'd have to trust them not to display my card number in 10 feet tall letters on Times Square (can we get a browser warning for that?).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds