iFrame HTTP Auth Example
This shouldn't work because the authn request is from a different site than the main page but does because web VPNs break if mitigated. As a compromise, non-secure iFrame references don't allow HTTP auth, when redirected to HTTPS. Exercise caution when referencing third-party iFrames.
HTTPS (works but is risky in some contexts)
HTTP to HTTPS redirect (shouldn't work)