Table of Contents
1. 1 Background
Warnings and errors seen in Alexa top sites.
2. 2 Review
2.1. 2.1 Google
2.2. 2.2 Facebook
The page at https://www.facebook.com/ displayed insecure content from http://ad.doubleclick.net/dot.gif?506444914676954803.
2.3. 2.3 YouTube
Unsafe JavaScript attempt to access frame with URL http://www.youtube.com/ from frame with URL http://ad-g.doubleclick.net/N4061/adi/com.ythome/_default;sz=970x250;tile=1;plat=pc;dc_dedup=1;k21=1;kage=38;kar=5;kauth=1;kbsg=HPUS121227;kcr=us;kga=1003;kgender=m;kgg=1;klg=en;kmyd=ad_creative_1;ord=4783661141991615?. Domains, protocols and ports must match.
2.4. 2.4 Yahoo
Resource interpreted as Script but transferred with MIME type text/html: "http://l.yimg.com/os/assets/globalmedia/traffic/traffic-simulation.js?callback=YUI.Env.JSONP.yui_3_5_1_1_1356640749255_694".
2.5. 2.5 Baidu
Resource interpreted as Script but transferred with MIME type text/html: "http://a.baidu.com/ecom?di=216&tm=baiduASPT216S&tn=baidubaike_pg&word=foo".
2.6. 2.6 Wikipedia
2.7. 2.7 Live.com
2.8. 2.8 Amazon
Unsafe JavaScript attempt to access frame with URL http://www.amazon.com/ from frame with URL http://z-ecx.images-amazon.com/images/G/01/da/swf-0.2._V1_.html#m=creatives/boa/boa_snow_300x250_12-26_7_8._V1_#c=http%3A%2F%2Fad.doubleclick.net%2Fclick%253Bh%253Dv8%2F3d58%2F3%2F0%2F%252a%2Fm%253B266028490%253B0-0%253B0%253B18273353%253B4307-300%2F250%253B52006234%2F51966527%2F1%253Bu%253D06ec85f94fcf4cb890baf33aa8220dbe%253B%257Esscs%253D%253fhttp%3A%2F%2Fad.doubleclick.net%2Fclk%3B265749198%3B91499834%3Bl#i0=//ad.doubleclick.net/ad/N4359.Amazon.com/B6485786.40;sz=1x1;ord=1SXQ9RKY6NNQRT7BN5RV%3F#i1=//b.scorecardresearch.com/p%3Fc1=3%26c2=6035701%26c3=6485786%26c4=40856788%26c5=91499834%26c6=%26c10=1%26c11=%26c13=%26c16=dfa%26cj=1%26ax_fwd=1#i2=//amch.questionmarket.com/adsc/d987576/114/999416/adscout.php%3Ford=1SXQ9RKY6NNQRT7BN5RV#s0=//cdn.doubleverify.com/dvtp_src.js%3Fctx=2875%26cmp=6485786%26sid=557911%26plc=91499834%26num=%26adid=%26advid=562870%26adsrv=1%26region=30%26btreg=%26btadsrv=%26crt=%26crtname=%26chnl=%26unit=%26pid=%26uid=%26dvtagver=6.1.src. Domains, protocols and ports must match.
2.9. 2.9 QQ.com
Unsafe JavaScript attempt to access frame with URL http://www.qq.com/ from frame with URL http://adsfile.qq.com/201209/12/tbzg_QHU_201209122617.html. The frame being accessed set 'document.domain' to 'qq.com', but the frame requesting access did not. Both must set 'document.domain' to the same value to allow access.