I found myself working on a problem where IE was popping up the usual mixed-content secure/non-secure dialog:
To start with, I wanted to see if Firefox also reported the same problem:
(Yep). Starting with the low-hanging fruit, I used firebug to find out if there was any non-https requests being made in Firefox. As it happened, we did have a non-https request being made. After fixing that, Firefox no longer complained about mixed-content. Sadly, IE still popped up the mixed-content dialog.
The comments section had a good continuing discussion on the general topic of how to track down the mixed-content problem including solutions to some of the problems others encountered that I hadn’t seen anywhere else. I came across this bit of gold. After installing the add on, the mixed-content warning looked like this:
With this information, it was simple to track down the culprit. In our particular case, we were using a GXT ClippedImagePrototype to override some paging toolbar buttons. We used relative URLs to specify the location of the modified icons and this seemed to be the problem. I’m still not completely sure why IE thought we were using an “about:”. There was some discussion in the blog comments about why “about:” was reported but it didn’t sound like those cases applied to us.