Google has figured out how to force sites switch to HTTPS

While Google continues to take steps to supplant the HTTP protocol, the company has come up with idea how to force sites switch to more secure HTTPS.

A few years ago, Google began to consider HTTPS support when ranking search results with indexing of HTTPS pages by default.

그 다음에, in the Chrome browser (from version 68), pages using the HTTP protocol began to be marked insecure. 지금, Google is ready to move on to the next stage of the HTTP forget planturn on Chrome to completely block “mixed” content.

Mixed content refers to individual elements on HTTPS pages that are insecurely loaded via an HTTP connection.

“Browsers by default block many types of mixed content such as scripts and iframes, but images, audio and video can still be downloaded, which poses a threat to user privacy and security. 예를 들어, an attacker could modify the mixed image of the stock chart to mislead investors, or insert a tracking cookie into the mixed content”, – says the official blog of Chromium.

또한, downloading mixed content causes confusion in security – 이 경우, the page is not safe and not insecure, but somewhere in the middle. Google intends to rectify the situation: Chrome will by default block all mixed content. Immediately stipulate that the lock will be introduced gradually.

In the version of 크롬 79, the release of which is scheduled for December this year, it will be possible to remove the blocking of mixed content for a specific site. This option will apply to mixed scripts, iframes, and other types of content that Chrome already blocks by default.

It will be possible to remove the lock by pressing the lock icon and select the appropriate option in the “Site Settings” (image below).

Google force switch to HTTPS

크롬 80 (in the early channels the assembly will be released in January 2020) will by default block audio and video that cannot be downloaded via HTTPS.

You can remove the lock in the manner described above. 추가적으로, in Chrome 80, when loading mixed images, an Omnibox line will display a warning about the potential danger of the page. It will look like this:

Google force switch to HTTPS

This should have prompted developers to renew their SSL certificates.

그런데, Google is talking about making great progress in the transition to HTTPS. According to the company, Chrome users now spend more than 90% of their time viewing an HTTPS site on all major platforms.

또한 읽기: Google Password Manager will warn users about weak and compromised passwords

마지막으로, 크롬 81 will also block images downloaded via HTTP by default. The release of Chrome 81 in the early branches is scheduled for February 2020.

To avoid blocking, Google advises website developers to switch to HTTPS as quickly as possible. The company provides several resources on the blog that can help in this matter.


  • HTTPS is not a separate protocol. This is plain HTTP, complemented by SSL and TLS encryption to enhance security.
  • HTTPS protects the data transfer channel between the browser and the website, preventing all sorts of attacks, including sniffing attacks and man-in-the-middle attacks.

저자 소개

발디스 콕

보안 엔지니어, 리버스 엔지니어링 및 메모리 포렌식

코멘트를 남겨주세요