I put a log in to the front page (http), but I put log in to a iframe (https) to make sure user always use https to log in and has less chance to be hacked.
But, I got "allow sub-frames to navigation across different domains".
I have main window and iframe all in the same domain, but just http and https difference. Why IE send up this warning by the default? It's getting annoying.