Applet both signed and unsigned code warning

Question

My applet is contained in an .asp page. When this .asp page and the applet hosted in a web site it shows the below warning message.

when the same files hosted in a different web site it does not give the warning message.

-Both web sites browsable with https.

-I used ie9 and JRE 7u21 for the test.

-Applet is signed.

-In my jar files manifest Trusted-Only Attribute or Trusted-Library Attribute does not exists

-java console of the one which shows securitiy warning, i see the below logs.

Ignored exception: java.lang.ClassFormatError: Incompatible magic value 1013478509 in class file MyApplet
security: blacklist: hasBeenModifiedSince 1369745951181 (we have 1366987061414)
security: blacklist: hasBeenModifiedSince 1369641350695 (we have 1366987061414)
security: blacklist: hasBeenModifiedSince 1369753585995 (we have 1366987061414)
security: blacklist: hasBeenModifiedSince 1369742598198 (we have 1366987061414)
security: blacklist: hasBeenModifiedSince 1369746010658 (we have 1366987061414)
security: blacklist: hasBeenModifiedSince 1369406495590 (we have 1366987061414)
security: blacklist: hasBeenModifiedSince 1369817989422 (we have 1366987061414)
security: blacklist: hasBeenModifiedSince 1369749180050 (we have 1366987061414)
security: blacklist: hasBeenModifiedSince 1369817157815 (we have 1366987061414)

What might be the cause of this different behaviour?

I know my question is too general but i need at least to have an idea for where to look.

Answer 1

Check for ECMAScript/JavaScript to Java calls from your website: this dialog is not only shown if the applet itself contains one or more unsigned files, but also if you try to use a technique called LiveConnect long time ago. While it is still okay to call ECMAScript/JavaScript from within Java it is not allowed to do it reverse.