Google Chrome wants to enhance user security and privacy. That’s why it is simplifying its security settings. In a post, the Chrome security team stated that secure pages (https://) will be loaded only on secure subresources.
If your website has mixed HTTPS and HTTP content, there is still time for you to change it. Google will be rolling out the changes gradually.
Why did Google decide on this Change?
There are two types of content being delivered by Chrome. The secure, encrypted one with HTTPS connection. Then, there is the content developed over a non-secured HTTP connection.
When using HTTP, the content cannot be tampered with. For that reason, websites must offer encryption when handling financial and private data.
The Internet is moving to secure HTTPS sites. When you visit an older HTTP site without encryption, Chrome will warn you that such a site is not secure.
Google also hides the https:// indicator because it believes that sites must be secured by default. The new https standard will include built-in encryption.
Some sites show mixed content. That is it loads secure and not secure content. A safe web page could still load a file via HTTP. The file could be modified if you are using a public Wi-Fi network that is not trustworthy. It can monitor keystrokes or insert a tracking cooking.
Scripts and iframes are dangerous but so are videos, images, and mixed content.
If a site is using https, all resources must be pulled in through https.
But with Google’s announcement, site owners will need to clean things up. In that way, their pages will work by default.
Currently, Chrome blocked mixed iFrames and scripts. But in Chrome 80, it will also block mixed audio and video resources. It will load content through an HTTPs connection. But if it will not, Chrome will block it. Chrome 80 will be released early next year.
When Chrome will release its Chrome 79, it will block mixed content on certain sites. But with Chrome 80, it will auto-upgrade and block mixed audio and video resources. It will block them if they fail to load over a secure connection.
Chrome 81, which will be released in February 2020, mixed images will be loaded over to https and it will block those that failed to load over https.
When the changes are complete, users will no longer have to wonder whether or not the sub-resources are being loaded over secure content. The slow rollout will provide developers the time to migrate their mixed content to https.
Chrome is not the only one blocking mixed content. Firefox, too, is blocking mixed scripts and frames. To allow mixed content to load, you can disable the protection. Apple’s Safari is also blocking mixed content.
Microsoft New Edge may also behave like Chrome, considering that it uses Chromium code forming the basis for Google Chrome.
For users, this attempt of Google Chrome to make the web more secure is ideal. It allows them to browse content online with less risk.