Chrome will soon block sites that mix HTTP and HTTPS (possibly including some favorites)



After Google has already introduced alerts in Chrome to let you know when you're visiting an off-site site – HTTP instead of HTTPS – Google goes one step further and plans to block "mixed content."

In future versions of Chrome, Google will block HTTP content downloaded from encrypted HTTPS sites. The company is taking steps to address the issue of secure sites that retrieve non-secure content such as scripts, media files, and iframes. It calls this mixed content.

The reason for the further blocking is that HTTP content can be disturbed. This means that you may see a wrong image or run a malicious script in the background.

As with previous changes, the new security feature will be phased in. Starting with Chrome 79, which is due to be moved out of development and beta test channels for a mainstream version in December, Google will begin to completely block mixed content.

At the same time, the company will introduce a new switch that allows users to unlock mixed content on certain websites. Google also states that mixed resources are automatically updated to https: // to minimize disruption, so websites will continue to work if their sub-resources are already available through https: //.

It is for your good …

With Chrome 80, Google automatically updates mixed audio and video resources to https: //, and Chrome blocks them by default if they can not be loaded via https: //. The browser loads mixed images, but Google indicates that Chrome is displaying a non-secure chip in the omnibox. This version of the browser is expected to come on the early release channels in January 2020.

READ  Amazon Singapore launches with some great discounts on tech

With Chrome 81, Google will continue to update mixed content to HTTPS the following month and begin blocking images that can not be loaded this way. The option to override this blocking is preserved, so Chrome users will not notice that one of their favorite websites suddenly becomes inaccessible. Google's hope is that the move will encourage more website developers to abandon the practice of using mixed content.

Spread the good stuff:
This post contains affiliate links, to find out more information, please read our disclaimer.
The price written on this page is true as the time it is written. It may change at any moment.

Related Posts