iFrame HTTP Auth Example

This shouldn't work because the authn request is from a different site than the main page but does because web VPNs break if mitigated. As a compromise, non-secure iFrame references don't allow HTTP auth, when redirected to HTTPS. Exercise caution when referencing third-party iFrames.

HTTPS (works but is risky in some contexts)

HTTP to HTTPS redirect (shouldn't work)