How the Chrome Will Block Mixed Content !

Recently, Google Chrome announced that they will soon start blocking mixed content also known as insecure content on web pages. This feature will be gradually rolled out starting from December 2019. This should give website owners enough time to check for mixed content errors and fix them before the block goes live. Failing to do so will cause poor user experience, loss of traffic, and loss of sales. In this guide, we will explain Google Chrome’s mixed content blocking and how you can be well prepared for it.

Mixed content is a term used to describe non-https content loading on an HTTPS website. HTTPS represent websites using a SSL certificate to deliver content. This technology makes websites secure by encrypting the data transfer between a website and a user’s browser. Google, Microsoft, WordPress.org, WP Beginner, and many other organizations are pushing HTTPs as the standard protocol for websites. They have been very successful in their efforts. According to Google, “Chrome users now spend over 90% of their browsing time on HTTPS on all major platforms.” However, there are still many websites serving partial insecure content (mixed content) over HTTPs websites. Google aims to improve this situation by giving website owners a nudge in the right direction.

Google Chrome already blocks mixed content, but it’s limited to certain content types like JavaScript and iFrame resources. From December 2019, Google Chrome will move forward to start blocking other mixed content resources like images, audio, video, cookies, and other web resources. An insecure HTTP file on a secure HTTPs webpage can still be used by hackers to manipulate users, install malware, and hijack a website. This jeopardizes your website security as well as the safety of your website visitors. It also creates a bad user experience as Google Chrome cannot indicate whether a page is completely secure or insecure. Google Chrome has announced a gradual plan to implement mixed content blocking. It will be implemented in three steps spawning over the next three releases of Google Chrome.

Step 1: Starting from December 2019 (Chrome 79), it will add a new settings option to the ‘Site Settings’ menu. Users will be able to unblock the mixed content already blocked by Google Chrome including JavaScript and iframe resources. If a user opts-out for a website, then Google Chrome will serve mixed content on that site, but it will replace the padlock icon with the insecure icon.

Step 2: Starting from January 2020 (Chrome 80), Google Chrome will start auto upgrading HTTP video and audio file URLs to HTTPs. If it fails to load them over https, then it will automatically block those files. It will still allow images to load over HTTP, but the padlock icon will change to Not Secure icon if a website is serving images over HTTP.

Step 3: From February 2020 (Chrome 81), Google Chrome will start auto-upgrading HTTP images to load over HTTPs. If it fails to load them over https, then those images will be blocked as well. Basically, if your website has any mixed content resources that are not upgraded to HTTPs, then users will see the Not Secure icon in their browser’s address bar. This will create a poor user experience for them. It will also affect your brand reputation and business. No need to panic though. You can easily prepare your website to fix all mixed content errors.