Two and a half years ago, the websites that they used the HTTPS protocol and left aside the traditional but insecure HTTP they became a majority in the Network of Networks. A few months before, Google (owner of the most used search engine and web browser) had declared the start of hostilities against the HTTP protocol, declaring herself ready to declare the Internet unsafe.
HTTPS progress since then has been remarkable; so much, Chrome stopped stating that an HTTP website “is safe” Because that had happened (and should have happened) to be normal, just pointing out the insecurity of all HTTP.
Google is now going for mixed content
But even today, on many websites we find what is called “mixed content”: the initial HTML code is loaded through an HTTPS connection (safe), while some of the resources of the samea (images, animations, videos, scripts or CSS files) they do it through HTTP connections (insecure).
Thus, despite the fact that the initial request to the server was secure, and a reassuring “https: //” appears in the address bar of our browser, the security of the site we visit is equally compromised.
Until now, this kind of content was not blocked by browsers, because could be essential to maintain the functionality or appearance of the website.
But Google seems determined to leave the HTTP protocol behind, and has decided to take the risk: Although in the current Google Chrome 80 it has already started to rewrite / block audio / video resources, the Google Chrome 81 beta has already apply that same measure also to images. From now on, Google Chrome will rewrite all calls to HTTP resources, and will try to look them up in equivalent addresses with HTTPS, rewriting the calls inserted in the HTML.
That may even be good news for many webmasters who haven’t finished reviewing their website code, but who can safely provide such resources: Google will do the work for them and save security warnings that give a bad image of your site and affect your web positioning.
Track | TheWindowsClub
Image | Christiaan Colen
Google Chrome begins to block the loading of HTTP content on secure websites, even if they stop displaying properly