1 Background

Warnings and errors seen in Alexa top sites.

2 Review

2.1 Google

2.2 Facebook

The page at https://www.facebook.com/ displayed insecure content from
http://ad.doubleclick.net/dot.gif?506444914676954803.

2.3 YouTube

Unsafe JavaScript attempt to access frame with URL
http://www.youtube.com/ from frame with URL
http://ad-g.doubleclick.net/N4061/adi/com.ythome/_default;sz=970x250;tile=1;plat=pc;dc_dedup=1;k21=1;kage=38;kar=5;kauth=1;kbsg=HPUS121227;kcr=us;kga=1003;kgender=m;kgg=1;klg=en;kmyd=ad_creative_1;ord=4783661141991615?.
Domains, protocols and ports must match.

2.4 Yahoo

Resource interpreted as Script but transferred with MIME type
text/html:
"http://l.yimg.com/os/assets/globalmedia/traffic/traffic-simulation.js?callback=YUI.Env.JSONP.yui_3_5_1_1_1356640749255_694".

2.5 Baidu

Resource interpreted as Script but transferred with MIME type text/html: "http://a.baidu.com/ecom?di=216&tm=baiduASPT216S&tn=baidubaike_pg&word=foo".

2.6 Wikipedia

2.7 Live.com

2.8 Amazon

Unsafe JavaScript attempt to access frame with URL
http://www.amazon.com/ from frame with URL
http://z-ecx.images-amazon.com/images/G/01/da/swf-0.2._V1_.html#m=creatives/boa/boa_snow_300x250_12-26_7_8._V1_#c=http%3A%2F%2Fad.doubleclick.net%2Fclick%253Bh%253Dv8%2F3d58%2F3%2F0%2F%252a%2Fm%253B266028490%253B0-0%253B0%253B18273353%253B4307-300%2F250%253B52006234%2F51966527%2F1%253Bu%253D06ec85f94fcf4cb890baf33aa8220dbe%253B%257Esscs%253D%253fhttp%3A%2F%2Fad.doubleclick.net%2Fclk%3B265749198%3B91499834%3Bl#i0=//ad.doubleclick.net/ad/N4359.Amazon.com/B6485786.40;sz=1x1;ord=1SXQ9RKY6NNQRT7BN5RV%3F#i1=//b.scorecardresearch.com/p%3Fc1=3%26c2=6035701%26c3=6485786%26c4=40856788%26c5=91499834%26c6=%26c10=1%26c11=%26c13=%26c16=dfa%26cj=1%26ax_fwd=1#i2=//amch.questionmarket.com/adsc/d987576/114/999416/adscout.php%3Ford=1SXQ9RKY6NNQRT7BN5RV#s0=//cdn.doubleverify.com/dvtp_src.js%3Fctx=2875%26cmp=6485786%26sid=557911%26plc=91499834%26num=%26adid=%26advid=562870%26adsrv=1%26region=30%26btreg=%26btadsrv=%26crt=%26crtname=%26chnl=%26unit=%26pid=%26uid=%26dvtagver=6.1.src.
Domains, protocols and ports must match.

2.9 QQ.com

Unsafe JavaScript attempt to access frame with URL http://www.qq.com/
from frame with URL
http://adsfile.qq.com/201209/12/tbzg_QHU_201209122617.html. The frame
being accessed set 'document.domain' to 'qq.com', but the frame
requesting access did not. Both must set 'document.domain' to the same
value to allow access.
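
The two conditions behind the "Unsafe JavaScript attempt to access frame" messages above (an origin mismatch, and document.domain set by only one frame) can be modelled as follows. This is an added example, not part of the original notes; the { url, domain } frame representation and the name checkFrameAccess are assumptions, and the YouTube ad-frame URL is trimmed to its path prefix.

```javascript
// Added example: models the frame-access check reported in the console
// messages above. A frame is { url, domain } (assumed representation), where
// domain is the value the frame assigned to document.domain, or null.
function checkFrameAccess(accessor, target) {
  const a = new URL(accessor.url);
  const b = new URL(target.url);
  if (a.protocol !== b.protocol) {
    return { allowed: false, reason: 'protocols differ' };
  }
  const aSet = accessor.domain !== null;
  const bSet = target.domain !== null;
  if (aSet && bSet) {
    // Both opted in: compare the document.domain values; the port is ignored.
    return accessor.domain === target.domain
      ? { allowed: true, reason: 'document.domain matches' }
      : { allowed: false, reason: 'document.domain values differ' };
  }
  if (aSet !== bSet) {
    // The QQ.com case: one side relaxed its origin, the other did not.
    return { allowed: false, reason: 'only one frame set document.domain' };
  }
  // Neither opted in: "Domains, protocols and ports must match."
  if (a.hostname !== b.hostname) return { allowed: false, reason: 'domains differ' };
  if (a.port !== b.port) return { allowed: false, reason: 'ports differ' };
  return { allowed: true, reason: 'same origin' };
}

// Frame pairs taken from the messages above (ad-frame path trimmed).
const youtube = { url: 'http://www.youtube.com/', domain: null };
const ytAd = { url: 'http://ad-g.doubleclick.net/N4061/adi/com.ythome/_default', domain: null };
const qq = { url: 'http://www.qq.com/', domain: 'qq.com' };
const qqAd = { url: 'http://adsfile.qq.com/201209/12/tbzg_QHU_201209122617.html', domain: null };

for (const [from, to] of [[ytAd, youtube], [qqAd, qq], [{ ...qqAd, domain: 'qq.com' }, qq]]) {
  const r = checkFrameAccess(from, to);
  console.log(`${new URL(from.url).hostname} -> ${new URL(to.url).hostname}: ${r.allowed} (${r.reason})`);
}
```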

Author: Jason Walsh

Created: 2016-11-01 Tue 12:10
