Google has announced a deadline of December 2019 as the date for when Chrome will begin explicitly blocking the web pages with mixed content. So Website Owners should migrate their mixed content to https:// immediately to avoid warnings and breakage.
Let us understand better!
What is Mixed Content in Web Page?
Initially, HTML codes will run through the secure HTTPs connection, but that single HTML file isn’t enough to display a complete page, so the HTML file includes references to other resources like images, scripts and videos which will run through an insecure HTTP connection.
Both HTTP and HTTPS content are being loaded to display the same page so it is called Mixed Content.
Why Google Chrome is Blocking Mixed Content?
When the user visits the secure HTTPs site that has the content/ resource from HTTP will lead to user experience degradation on HTTPS websites.
Requesting subresources(scripts, images, video) using the insecure HTTP protocol weakens the security of the entire page In order to avoid such issues google chrome is blocking mixed content. These changes will improve users’ privacy and security while browsing the web.
HTTPs is prominent for protecting the site and user data from attacks.
Google Deadline for blocking mixed content
Instead of blocking all mixed content all at once, it does by series of Chrome update:
- Chrome 79 [December 2019], In this update new settings is introduced to unblock mixed content on specific sites. This setting will apply to mixed scripts, iframes, and other types of content that Chrome currently blocks by default. Users can toggle this setting by clicking the lock icon on any https page and clicking Site Settings. This will replace the shield icon that shows up at the right side of the Omnibox for unblocking mixed content in previous versions of desktop Chrome.
- Chrome 80 [January 2020]: In this update, mixed audio, and video resources will be auto-upgraded to https, and Chrome will block them by default if they fail to load over https. Users can unblock affected audio and video resources with the setting described above.
- Also in Chrome 80, mixed images will still be allowed to load, but they will cause Chrome to show a “Not Secure” chip in the Omnibox.
- Chrome 81 [February 2020], in this update mixed images will be auto-upgraded to https, and Chrome will block them by default if they fail to load over https.
How to find and fix the mixed content?
Finding and fixing the mixed content is important for preventing the site from blocking. Here is the list of tools to check Mixed content on your site.
Once you’ve found the list of mixed content URL included in your site.
Now check that URL is available in HTTPS if present change the URL from HTTP to HTTPS and save the source file then redeploy the updated file if necessary.
If the URL is not available in HTTPS it shows certificate warning or else no content will be displayed.
In this case, you should consider one of the following options:
- Include the resource from a different host, if one is available.
- Download and host the content on your site directly, if you are legally allowed to do so.
- Exclude the resource from your site altogether.