Google announced that Chrome browser will begin blocking web pages with mixed content beginning December 2019. Publishers are urged to check their websites to make sure there are no resources that are being loaded using the insecure HTTP protocol.
What is Mixed Content
Mixed content is when a secure web page (loaded through HTTPS) also contains scripts, styles, images or other linked content that is served through the insecure HTTP protocol. This is called mixed content.
Mixed content presents a security risk for your site visitor as well as to your website.
According to Google’s developer page on mixed content:
“Mixed content degrades the security and user experience of your HTTPS site.
…Using these resources, an attacker can often take complete control over the page, not just the compromised resource.”
How Google Chrome Will Handle Mixed Content
Currently Google loads pages with mixed content. Beginning in December 2019 with the introduction of Chrome 79, Google will do two things:
- Google will automatically upgrade http content to https if that resource exists on https.
- Google will introduce a toggle that a Chrome user can use to unblock insecure resources that Chrome is blocking.
Although this isn’t a full blocking, it might as well be because users may opt to back out of a site that displays a security warning.
This will be a bad experience for publishers and may lead to less sales, visitors and ad views.
Beginning in January 2020 Google will remove the unblocking option and begin blocking mixed content web pages.
How to Check Your Site for Mixed Content
There are multiple ways to check your site for mixed content.
Online Mixed Content Scanner
JitBit SSL Checker
JitBit SSL Checker is a free online scanner that will scan up to 400 pages of your site.
Really Simple SSL
Really Simple SSL https://wordpress.org/plugins/really-simple-ssl/ is a lightweight plugin that can handle the migraton to SSL as well as check and fix mixed content.
If your WordPress site is already migrated to SSL then you can use SSEL Insecure Content Fixer https://wordpress.org/plugins/ssl-insecure-content-fixer/ to scan your site and alert you to insecure resources and help you fix them.
Screaming Frog Crawl Software
Screaming Frog is a modestly priced crawl software (£149.00/year). This is a good option for crawling large sites. There’s a short learning curve for learning how to use the crawler, it’s quite intuitive. Screaming Frog will find your mixed content but it won’t fix it.
Read the announcement here: