Google has figured out how to force sites to switch to HTTPS

While Google continues to take steps to replace the HTTP protocol, the company has come up with an idea for how to force sites to switch to the more secure HTTPS.

A few years ago, Google began to consider HTTPS support when ranking search results and to index HTTPS pages by default.

Then, in the Chrome browser (from version 68), pages using the HTTP protocol began to be marked as insecure. Now Google is ready to move on to the next stage of its plan to leave HTTP behind: making Chrome completely block “mixed” content.

Mixed content refers to individual elements on HTTPS pages that are insecurely loaded via an HTTP connection.

“Browsers by default block many types of mixed content such as scripts and iframes, but images, audio and video can still be downloaded, which poses a threat to user privacy and security. For example, an attacker could modify the mixed image of the stock chart to mislead investors, or insert a tracking cookie into the mixed content,” says the official Chromium blog.

Loading mixed content also causes confusion about security: in this case, the page is neither secure nor insecure, but somewhere in between. Google intends to rectify the situation: Chrome will block all mixed content by default. Note, however, that the blocking will be introduced gradually.

In Chrome 79, the release of which is scheduled for December this year, it will be possible to remove the blocking of mixed content for a specific site. This option will apply to mixed scripts, iframes, and other types of content that Chrome already blocks by default.

The block can be removed by clicking the lock icon and selecting the appropriate option in “Site Settings” (image below).

[Image: Google forces the switch to HTTPS]

Chrome 80 (the build will reach the early release channels in January 2020) will by default block audio and video that cannot be loaded over HTTPS.

You can remove the block in the manner described above. Additionally, in Chrome 80, when mixed images are loaded, the Omnibox will display a warning about the potential danger of the page. It will look like this:

[Image: Google forces the switch to HTTPS]

This should prompt developers to renew their SSL certificates.

By the way, Google reports great progress in the transition to HTTPS. According to the company, Chrome users now spend more than 90% of their time on HTTPS sites on all major platforms.


Finally, Chrome 81 will also block images loaded over HTTP by default. The release of Chrome 81 to the early channels is scheduled for February 2020.

To avoid blocking, Google advises website developers to switch to HTTPS as quickly as possible. The company provides several resources on the blog that can help in this matter.
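The rollout described above can be turned into an audit of a page's markup before the blocking reaches users. The following Python scanner is an added example, not code from Google or from the original article: it lists the subresources an HTTPS page would load over HTTP, with the stage at which the article says Chrome blocks them. The names `ROLLOUT` and `find_mixed_content` and all sample URLs are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that load a subresource, mapped to the stage the article
# gives. Assumption: illustrative table only (no srcset, CSS url(), <link>, ...).
ROLLOUT = {
    ("script", "src"): "blocked by default already",
    ("iframe", "src"): "blocked by default already",
    ("audio", "src"): "blocked by default from Chrome 80",
    ("video", "src"): "blocked by default from Chrome 80",
    ("source", "src"): "blocked by default from Chrome 80",
    ("img", "src"): "Omnibox warning in Chrome 80, blocked by default from Chrome 81",
}

class MixedContentFinder(HTMLParser):
    """Collects subresources that an HTTPS page would load over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line number, tag, resolved URL, rollout stage)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            stage = ROLLOUT.get((tag, name))
            # Resolve relative and protocol-relative URLs the way a browser does.
            resolved = urljoin(self.page_url, (value or "").strip())
            if stage and urlsplit(resolved).scheme == "http":
                self.findings.append((self.getpos()[0], tag, resolved, stage))

def find_mixed_content(page_url, html):
    # Mixed content only exists on pages that are themselves served over HTTPS.
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample markup for illustration (hypothetical hosts).
SAMPLE = """<script src="http://cdn.example/app.js"></script>
<script src="//cdn.example/lib.js"></script>
<img src="http://img.example/chart.png">
<video><source src="http://media.example/clip.mp4"></video>
<a href="http://other.example/">navigation link, not a subresource</a>"""

if __name__ == "__main__":
    for finding in find_mixed_content("https://shop.example/", SAMPLE):
        print(*finding)
```

The protocol-relative script and the plain `<a>` link are not reported: the first inherits the page's HTTPS scheme, and the second is navigation rather than a subresource load.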


  • HTTPS is not a separate protocol. It is plain HTTP, complemented by SSL/TLS encryption to enhance security.
  • HTTPS protects the data transfer channel between the browser and the website, guarding against attacks such as sniffing and man-in-the-middle attacks.

About the author

Waldis Kok

Security engineer, reverse engineering and memory forensics
