Google Chrome Will Block Insecure Content on HTTPS Pages from December 2019

rob-warburton.png
Rob Warburton
October 23, 2019 2 min read
chromecontentblocking.png

Google Chrome, which accounts for over 58% of the global web browser market, has announced that it will begin to block web pages with mixed content from December 2019 onwards. Those responsible for maintaining their company websites are advised to prepare for the changes over the coming months. The news comes as Google looks to improve user privacy, security and present a clearer browser security UX to users.

According to the tech giant, the web has made great progress in transitioning to HTTPS, with Chrome users spending over 90% of their browsing time on HTTPS. It now aims to increase that figure even further.

Unlike other Google updates which have a history of happening out of the blue, we’re lucky enough to receive a short window of time to rectify our mixed content issues before the changes kick in towards the end of the year.
 

What is mixed content?

Mixed content is when a web page secured by HTTPS also shows content (images, iFrames, video etc.) that is being delivered via an HTTP protocol. When mixed content is present, you may notice a change in the URL bar, with a warning showing that the page has insecure content. As you can imagine, this is a nightmare scenario for most websites, particularly e-commerce sites, who are all about evoking trust in the customer before purchasing online.


googlechromeblocking.png 

Why is HTTPS so important?

The proposed changes will inevitably improve user privacy and security on the internet, whilst providing a clearer browser user experience. Content not secured by HTTPS leaves a website open to attacks, whether that be tampering with images or manipulating tracking codes into insecure content.

 

What do the changes mean and how do you prepare your website?

As it stands, Google loads all web pages that feature mixed content, whilst displaying an insecure content earning. However, as of December 2019, a few things will change:

  • Google will automatically upgrade any mixed content to HTTPS (if it exists) However, if it doesn’t exist on HTTPS, it will be blocked. Businesses may be caught out here if they are hosting content from another domain where HTTPS is not under their control.
  • Google will allow users to unblock insecure content as they browse your website.

Naturally, both of these changes result in a very poor experience for the user, which will subsequently affect page views, leads and sales. The last thing any business wants is a potential customer focussing on unblocking insecure content whilst trying to entice them with your product or service offering. The easiest way around these options is to eradicate any mixed content in the first place.
 
Luckily, as of today, you’ve got a few weeks to check your website for mixed content and put an action plan in place. The scope of the task will depend entirely on your URL count and how much of your content identifies as insecure. Nonetheless, it’s something that should not be ignored given that over 58% of web users are now opting to use Google Chrome as their primary browser. If like many of our current clients, you need assistance identifying your mixed content and preparing for the changes, feel free to get in touch with our team of digital experts on 020 3397 4155 or email [email protected]