Ever seen this pop up in Internet Explorer 6 (or 7)?
This page contains both secure and nonsecure items. Do you want to display the nonsecure items?
You spend hours combing through server-side source, hours more combing through client-side source, and yet more hours sniffing and poring over headers, and nothing. Nothing HTTP when it should be HTTPS.
Well this could be your problem, yet another non sequitur brought to you by Microsoft:
This problem occurs if the Web page script calls the removeChild() method to delete a DIV element that references a background image. —http://support.microsoft.com/kb/925014
This only appears to happen when the style is inline. In other words, say you have something like this:
<div id="err" style="background-image:url(err.gif)"> Nee! </div>
If you attempt to vaporize that
removeChild(), you’re suddenly no longer secure.
Okaaay. Make sense to you? Makes sense to me!
Firefox, take me away!