There are two types of traffic on the internet. Content delivered over a secure, encrypted HTTPS connection and content delivered over an unencrypted HTTP connection. The HTTP protocol is insecure because it allows data to be easily intercepted. And their abuse. The secure HTTPS protocol encrypts a message before it is sent and resolves it only when it is delivered. This allows for a secure and private connection between the website and the user. For this reason, this protocol has become dominant, especially when it comes to confidential data. HTTPS prevents an attacker from eavesdropping on browser requests, tracking visited pages of a website, or stealing information sent or received.

What’s mixed content?

Mixed content on a site occurs when the initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, scripts) are loaded over an insecure HTTP connection. Google is committed to making the internet safer. From inappropriate ads to insecure sites. Google boasts that Chrome users spend 90% of their time on secure HTTPS sites, but it will soon disable the remaining insecure content by completely blocking it early next year.

Since New Year’s Eve, Google Chrome has been blocking mixed content.

Websites that contain mixed content do not pose a danger in themselves. But additional content that they pull that is not subject to HTTPS standards can easily lead to problems. May cause downloads of confidential data or some other misuse. It could be said that these websites display both safe and non-safe content at the same time.

Starting with Chrome version 79, which will be released in December this year, “mixed” audio and video assets will be automatically loaded over a secure HTTPS connection and will be blocked by Chrome if it fails to do so. As for the images, they will be loaded, but Chrome will throw a notification that the page is not safe. If a website uses the HTTPS protocol, all resources should also be loaded over HTTPS. Google believes that in this way it will motivate all website owners to apply the HTTPS protocol to all their content. Otherwise, many potential visitors will be rejected by warning that the content on the site is not safe. This will be a bad experience for the owners and may lead to fewer visitors, sales, or viewed ads. Chrome will continue to offer an option that will allow you to load this kind of content, but not for long.

Starting in January 2020 and the release of the new version, Chrome 80 will block all mixed content by default. This will force all website owners to comply with the new standards and adapt all content to the HTPPS protocol. It is to be expected that all other browsers will follow the new practice introduced by Chrome very soon.