Google’s web browser Chrome will soon block the HTTPS pages from loading insecure resources to improve the users’ privacy and security while browsing the web.
For the readers who don’t know, the difference between HTTPS and HTTP Web protocols, the HTTP stands for Hypertext Transfer Protocol and HTTPS stands for Hypertext Transfer Protocol Secure as the name suggests the HHTPS is more secure than the HTTP. Most websites in today’s times load on HTTPS, but there are still a few websites that offer mixed content. This means that some HTTPS sites load additional content like images, videos, and audio over the insecure HTTP network. Google wants to put an end to this practice as well, and it’s looking to begin the transition to block mixed content with Chrome 79.
Chrome 79 will out in December this year. Google will begin blocking mixed audio and video resources with Chrome 80 that should release to users in January next year. Users can unblock affected audio and video resources by going into Settings. As for mixed images, they will be allowed to load, but Chrome will then show a “Not Secure” chip in the Omnibox. With the February 2020 release of Chrome 81, Google plans to block mixed images by default as well.
In Chrome 79, Google will start the work to block all mixed content on HTTPS websites by offering an option to unlock the content on specific sites. This can be done by going into Settings found in the lock icon next to the HTTPS link in the address bar.
Detailing the need to block mixed content, Google notes in its blog, “Browsers block many types of mixed content by default, like scripts and iframes, but images, audio, and video are still allowed to load, which threatens users’ privacy and security. For example, an attacker could tamper with a mixed image of a stock chart to mislead investors, or inject a tracking cookie into a mixed resource load. Loading mixed content also leads to a confusing browser security UX, where the page is presented as neither secure nor insecure but somewhere in between.”
To avoid any kind of breakage and warning Google has asked the developers to migrate their mixed content to HTTPS immediately. It has also detailed some ways to do this in its blog post.