Google announced that Chrome browser will begin blocking web pages with mixed content beginning December 2019. Publishers are urged to check their websites to make sure there are no resources that are being loaded using the insecure HTTP protocol.
What is Mixed Content
Mixed content is when a secure web page (loaded through HTTPS) also contains scripts, styles, images or other linked content that is served through the insecure HTTP protocol. This is called mixed content.
Mixed content presents a security risk for your site visitor as well as to your website.
According to Google’s developer page on mixed content:
“Mixed content degrades the security and user experience of your HTTPS site.
…Using these resources, an attacker can often take complete control over the page, not just the compromised resource.”
How Google Chrome Will Handle Mixed Content
Currently Google loads pages with mixed content. Beginning in December 2019 with the introduction of Chrome 79, Google will do two things:
- Google will automatically upgrade http content to https if that resource exists on https.
- Google will introduce a toggle that a Chrome user can use to unblock insecure resources that Chrome is blocking.
Although this isn’t a full blocking, it might as well be because users may opt to back out of a site that displays a security warning.
This will be a bad experience for publishers and may lead to less sales, visitors and ad views.
Beginning in January 2020 Google will remove the unblocking option and begin blocking mixed content web pages.