Sponsored Links

Chrome will block HTTP content from loading on secure sites

It will no longer allow secure pages to load http:// subresources.
Chrome will block HTTP content from loading on secure sites
Christine Fisher
Christine Fisher|@cfisherwrites|October 4, 2019 10:06 AM

In a move to improve user privacy and security, Google is simplifying its browser security settings. In a blog post, the Chrome security team said https:// pages will only be able to load secure (https://) subresources. The change won't happen overnight, but in a series of gradual steps.

According to Google, Chrome users now spend over 90 percent of their browsing time on HTTPS on all major platforms. But it's common for those secure pages to load insecure HTTP subresources. Many of those subresources are blocked by default, but some sneak in as images, audio and video, or "mixed content." That mixed content can put users at risk.

Beginning with Chrome 79, Chrome will work towards blocking all mixed content by default. To smooth the process, it will introduced the change incrementally. In December, Chrome 79 will add a new setting to unblock mixed content on specific sites. In January 2020, Chrome 80 will autoupgrade all mixed audio and video resources to HTTPS, and it will automatically block them if they fail to load over HTTPS. Finally, in February 2020, Chrome 81 will autoupgrade all mixed images to HTTPS, and as with audio and video, block those that don't load over HTTPS.

Once the changes are complete, users won't have to wonder whether the subresources they're viewing are HTTP or HTTPS. And the slow roll out should give developers time to migrate their mixed content to HTTPS. Though, as we've already learned, that "secure" padlock in the address bar, doesn't necessarily mean you're safe.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Chrome will block HTTP content from loading on secure sites