I have a website with iframe inside the main page.
The main function of the website is done inside the iframe, and at some point, the user needs to input their personal information. Therefore, I use SSL for the pages where the users input their personal information.
Even though I already use https in the iframe, it does not show the lock icon because the main page is not using https.
A critical user might get the iframe (in firefox, it can be done by right click -> frame -> view frame info) info and see if it is using https, but common user might think the page is not secure and will navigate away.
My question is how to to solve this problem? The main goal is to show to the user that the page is secured, but the problem is that it is an iframe and it seems the browser just shows whether the main page is secured or not. Even though iframe is secured but if the main page is not secured, no lock icon shown.
I'm thinking of making all activities done trough https, but won't it make the system go slower since each request response will be encrypted?