Google gets tougher on HTTPS with ban on mixed content

Google gets tougher on HTTPS with ban on mixed content 1

Starting next year, Google Chrome will get a lot tougher on websites that have not fully migrated to HTTPS and are still loading some page resources, such as images, audio, video, or scripts, via HTTP.

Known as “mixed content,” this has been a problem since the first days when websites began migrating to HTTPS.

But for the past few years, browsers have ignored the problem of mixed content, as long as the main domain was loaded via HTTPS.

This was because, for the vast majority of the internet’s history, HTTPS was an outlier, few websites used it, and wasn’t considered a must-have technical requirement.

Coinbase 3

But in recent years, both Google and Mozilla have been heavily promoting the use of HTTPS, each in their own way.

For example, Mozilla and its partners launched a service called Let’s Encrypt to provide server administrators with access to free and easy to use TLS certificates, so they can support HTTPS on their sites.

For its part, Google has been making constant changes to Chrome, today’s most popular browser. The company has effectively “abused” its position as the dominant market player to set trends and instill new habits among website owners and end-users

For starters, it began showing “Not Secure” indicators on forms and login fields loaded over HTTP. Even if websites loaded via HTTPS, Chrome refused to show a green padlock if there was mixed content on the page. It also began blocking browser downloads on HTTPS pages, if the content was being downloaded via HTTP.

The company also changed its approach to HTTPS and HTTP websites. Instead of rewarding sites that moved to HTTPS by showing a “Secure” indicator in the URL bar, they’re now showing a “Not Secure” indicator on HTTP sites, as a penalty for sites that failed to migrate to HTTPS.

90% of Chrome traffic is over HTTPS

All of this has been very successful and has helped nudge more and more website owners and online services towards using HTTPS.

“Chrome users now spend over 90% of their browsing time on HTTPS on all major platforms,” Google engineers said in a blog post today.

But now Google is making its next step — of eradicating mixed content on the web. Sites will need to move their HTTPS websites entirely to HTTPS, and not just the main domain.

“In a series of steps starting in Chrome 79, Chrome will gradually move to blocking all mixed content by default,” Google said today.

“To minimize breakage, we will autoupgrade mixed resources to https://, so sites will continue to work if their subresources are already available over https://,” it said.

In addition, to prevent users from being blocked from accessing legacy or abandoned sites, Google will also be making available a setting to opt out of mixed content blocking on particular websites.

Here are the company’s upcoming plans:

  • In Chrome 79, releasing to stable channel in December 2019, we’ll introduce a new setting to unblock mixed content on specific sites. This setting will apply to mixed scripts, iframes, and other types of content that Chrome currently blocks by default. Users can toggle this setting by clicking the lock icon on any https:// page and clicking Site Settings. This will replace the shield icon that shows up at the right side of the omnibox for unblocking mixed content in previous versions of desktop Chrome.
  • In Chrome 80, mixed audio and video resources will be autoupgraded to https://, and Chrome will block them by default if they fail to load over https://. Chrome 80 will be released to early release channels in January 2020. Users can unblock affected audio and video resources with the setting described above.
  • Also in Chrome 80, mixed images will still be allowed to load, but they will cause Chrome to show a “Not Secure” chip in the omnibox. We anticipate that this is a clearer security UI for users and that it will motivate websites to migrate their images to HTTPS. Developers can use the upgrade-insecure-requests or block-all-mixed-content Content Security Policy directives to avoid this warning.
  • In Chrome 81, mixed images will be autoupgraded to https://, and Chrome will block them by default if they fail to load over https://. Chrome 81 will be released to early release channels in February 2020.

Webmasters are advised to look into making sure their websites don’t load any resources over HTTP anymore. This includes iframes, cookies, CSS files, JavaScript files, audio, video, and especially images. As a starting point, Google engineers recommended the following resources:

  • Use Content Security Policy and Lighthouse’s mixed content audit to discover and fix mixed content on your site.
  • See this guide for general advice on migrating servers to HTTPS.
  • Check with your CDN, web host, or content management system to see if they have special tools for debugging mixed content. For example, Cloudflare offers a tool to rewrite mixed content to https://, and WordPress plugins are available as well.
Google gets tougher on HTTPS with ban on mixed content 2
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 47,930.00
ethereum
Ethereum (ETH) $ 3,418.80
cardano
Cardano (ADA) $ 2.36
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 409.23
xrp
XRP (XRP) $ 1.07
solana
Solana (SOL) $ 163.67
polkadot
Polkadot (DOT) $ 33.99
dogecoin
Dogecoin (DOGE) $ 0.240139
usd-coin
USD Coin (USDC) $ 1.00
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 47,930.00
ethereumEthereum (ETH)
$ 3,418.80
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 636.57
litecoinLitecoin (LTC)
$ 179.62
bitcoinBitcoin (BTC)
40.692,33
ethereumEthereum (ETH)
2.902,54
tetherTether (USDT)
0,848995
bitcoin-cashBitcoin Cash (BCH)
540,44
litecoinLitecoin (LTC)
152,50
bitcoinBitcoin (BTC)
34,741.82
ethereumEthereum (ETH)
2,478.10
tetherTether (USDT)
0.724845
bitcoin-cashBitcoin Cash (BCH)
461.41
litecoinLitecoin (LTC)
130.20

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021

Blockchain/Cryptocurrency Questions and Answers

Beginner’s Guide to Investing in Cryptocurrency
August 9, 2021
Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
Solana
What Is Solana (SOL) And How Does It Work?
June 26, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin48,045 0.01 % 0.28 % 6.30 %
Ethereum3,428.1 0.21 % 1.32 % 4.90 %
Cardano2.360 0.20 % 1.30 % 9.79 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Binance Coin410.14 0.11 % 1.22 % 1.48 %
XRP1.070 0.36 % 1.01 % 0.40 %
Solana164.80 0.09 % 12.93 % 7.39 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.2407 0.09 % 1.51 % 0.20 %
USD Coin1.000 0.06 % 0.07 % 0.15 %

bitcoin
Bitcoin (BTC) $ 47,930.00
ethereum
Ethereum (ETH) $ 3,418.80
cardano
Cardano (ADA) $ 2.36
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 409.23
xrp
XRP (XRP) $ 1.07
solana
Solana (SOL) $ 163.67
polkadot
Polkadot (DOT) $ 33.99
dogecoin
Dogecoin (DOGE) $ 0.240139
usd-coin
USD Coin (USDC) $ 1.00