Mixed-Content to Be Blocked by Google-Chrome

Introduction Effective by December 2019, Google is planning to block the web pages carrying the mixed-Resources over the internet. This is their optimization strategy as Mixed-Content degrades end-user experienceand also hamper the security of the website. Google: is planning to launch an updated version of chrome i.e. chrome 79. It is going to impact the HTTPS webpages whose initial HTML is loaded using HTTPS connection but other elements like images, videos, scripts are loaded using an unsecured HTTP connection. Thus, Google will resistloading insecure elements over secure pages. This will eventually not only prevent privacy but will also provide, secure access to the web. In Order to minimize the breakage, googlewillupgrade automatically mixed-resources to https://, therefore sites can still work if their sub-resources are already accessible over https://. As a part of this,Google will stop showing the green padlock for the sites which load insecure resources. Google will also give the options to the end-user if they want to block the insecure or mixed-Contentof the abandoned website by using thesettings of opting out the legacy for the particular pages. Google has planned to launch various features of it using a series of releases starting from Chrome 79, Chrome 80, Chrome 81, each version of it has a feature attached to it. Why this decision? In the current scenario, Chrome allows the secure webpages to load resources from themixed pool of pages/elements, but over the time it has been surveyed that 90 percent of the chrome users are over secures pages and aware enough to surf secure connections only. Also, the web pages which are using mixedcontent – Secure + Unsecure are vulnerable to the various attacks like SQL, Man-In-The-Middle, Unauthorized access and as result can manipulate or steal the data, inject malicious code, or tamperthe overall webpage, which can be considered a huge loss to both end-user and website. What is Mixed Content? Webpages are the combination of certain resources and HTML Resources, these resources comprise of the multimedia, Scripts, Stylesheets, etc. and these can be loaded over secured connections or unsecured connection i.e., HTTPS or HTTP respectively over the internet. The websites carrying the mixed-content are able to load the initial HTML using the HTTPS secured connections whereas some of its resources get loaded over unsecured HTTP connections. Both sorts ofcontent is loaded over the same webpage. Below Fig.1 shows the request-response mechanism between Web Browser and Web Server, where web serves return the HTML content as a response when web browser requests for the HTML resources on visiting any webpage. The HTML resources hold the references to the sub-resources which further can be accessed by using different requests. Steps by Google to Control Mixed-Content As per the present scenario, the company is allowing mixedcontent to be loaded successfully, but from Dec 2019, it will apply its new policy. Following changes or steps to be introduced by Google: • End-user would be given a toggle button to opt-in and opt-out the feature ofblocking mixed--content. But this option of unblocking would be totally removed after Jan 20-20 thus, webpages with mixed resources will face consequences later on. • Google can mechanically upgrade protocol content tohttps if that resource exists on https. Versions of Chrome Google has planned to release this using different versions with different features. Chrome 79:Planned to be launched in Dec 2019, in this release-blocking of Http content would be released with an option for end-user to unblock it by clickingon Lockicon on HTTPS:// page and also by clicking the settings. On unblocking the content, the shield icon will be replaced on the right side of Omnibox. Chrome80: Feature includes the auto up-gradation of the multimedia files- audio &video to HTTPS:// and in case they fail to load over secured connections then google, will block them. Planned for Jan 2020. Unblocking of resources is allowed in this version. Google will also tag these websites with NOT SECURE; developers can adopt different means to avoid this. Solution There are various solutions available over online platforms that can be used to identify the mixed content over your website. Few of them are: • JitBit SSL Checker – This is a mixed content scanner available online for scanning your webpage against HTTP content. • Really Simple SSL – This is a word press plugin used for handling the migration to SSL, identify and fix the HTTP resources. • Use of web crawlers like – Screaming Frog Crawl Software to identify the unsecured content thought it won't fix it. The step by google will help to increase Security, Privacy and better UX for end-user as 90percent of the users are over chrome thus, it will compel the webmasters to use SSL for their websites in order to provide the better experience to their customers otherwise they will lose the customers interest which will further hamper the business. It will serve the customer better by providing Authentication, Data Integrity, and Secrecy. This will help customers to attain more confidence over the web portals as better HTTP protect against threats like Man in the middle attacks.



© 2019 Intense. All rights reserved | Design by W3layouts.