Chrome to Block Mixed Content, Will Show Warning on Websites Soon


In July 2018, HTTP sites that were not switched over to HTTPS showed a “Not Secure” warning next to the URL.

This was big news, as over a billion people use Google Chrome as their primary browser. Websites with insecure HTTP connections are labeled to warn users that their passwords and credit card data may be compromised. All HTTP pages in Chrome trigger the warning, even those without credit card forms.

Google just announced that they will take the next step and block all mixed content on websites by default. Mixed content means insecure http:// resources loaded on https:// pages. Google's reasoning is based on privacy and security:

For example, an attacker could tamper with a mixed image of a stock chart to mislead investors, or inject a tracking cookie into a mixed resource load. Loading mixed content also leads to a confusing browser security UX, where the page is presented as neither secure nor insecure but somewhere in between.

Google will spread out this change over their next three updates. Here’s the timeline:

  • This December, Chrome 79 will feature a new setting to unblock mixed content on specific sites. This applies to mixed scripts, iframes, etc. that Chrome currently blocks by default.
  • In January 2020, Chrome 80 will automatically upgrade all mixed audio and video resources to https://, and Chrome will automatically block them if they fail to load over HTTPS. Mixed images will still be allowed to load, but will cause Chrome to show that Not Secure warning in the URL box. Chrome is doing this as a motivator to get you to migrate your images to HTTPS.
  • In February 2020, Chrome 81 will finally automatically upgrade all mixed images to HTTPS, and just like audio and video, block content that doesn’t load over HTTPS.

Use Google’s Content Security Policy and Lighthouse’s mixed content audit to discover and fix mixed content on your site before the warnings appear in January.
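As a static complement to those tools, the following added example (not code from the original post or from Google) scans a page's HTML for http:// subresources and labels each with the treatment given in the timeline above. The names `MixedContentFinder` and `find_mixed_content` and the sample page are constructed for illustration, and only `src` attributes of the tag types named in the timeline are checked.

```python
from html.parser import HTMLParser

# Chrome's handling per resource type, as listed in the timeline above.
BLOCKED = "blocked by default (Chrome 79 adds a per-site unblock setting)"
MEDIA = "Chrome 80: upgraded to https://, blocked if that fails"
IMAGE = "Chrome 80: loads with Not Secure warning; Chrome 81: upgraded or blocked"
TREATMENT = {"script": BLOCKED, "iframe": BLOCKED,
             "audio": MEDIA, "video": MEDIA, "img": IMAGE}

class MixedContentFinder(HTMLParser):
    """Collects http:// subresources referenced by an HTML document."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, tag, url, treatment)
        self._media = None   # enclosing <audio>/<video>, for <source> children

    def handle_starttag(self, tag, attrs):
        if tag in ("audio", "video"):
            self._media = tag
        # <source> inherits the category of its enclosing media element.
        kind = self._media if tag == "source" else tag
        if kind not in TREATMENT:
            return  # e.g. <a href="http://..."> is navigation, not a subresource
        src = (dict(attrs).get("src") or "").strip()
        # Protocol-relative (//host/x) and relative URLs follow the page's scheme.
        if src.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, src, TREATMENT[kind]))

    def handle_endtag(self, tag):
        if tag == self._media:
            self._media = None

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, assumed to be served over https://.
SAMPLE = """<html><body>
<script src="http://cdn.example.com/app.js"></script>
<img src="HTTP://img.example.com/chart.png">
<img src="//img.example.com/logo.png">
<video controls><source src="http://media.example.com/clip.mp4"></video>
<a href="http://example.com/old-page">link</a></body></html>"""

if __name__ == "__main__":
    for line, tag, url, treatment in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> {url} -> {treatment}")
```

Running it over saved copies of your templates or rendered pages gives a per-line list of references to migrate; resources injected at runtime by scripts will not appear in a static scan.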

 

SSL Certificates from HostDime

If your website still isn’t HTTPS secure, it’s time to fix that. Customers need to see that green lock in the URL box to trust you.

HostDime’s Comodo SSL certificates start at just $30. These certificates include domain validation, quick issuance, unlimited re-issues, 30-day refund, $10,000 warranty, 99.3% browser compatibility, and 128/256-bit encryption.
 
For a comprehensive list of differences between the different types of SSL certificates, follow this guide.

If you are a current HostDime client, you can utilize our Resource Guide to order SSLs within Core directly.


Jared Smith is HostDime’s SEO and Content Strategist.