Google, siteleri HTTPS'ye geçmeye zorlamanın yolunu buldu

Google, HTTP protokolünün yerini alacak adımlar atmaya devam ederken, the company has come up with idea how to force sites switch to more secure HTTPS.

A few years ago, Google began to consider HTTPS support when ranking search results with indexing of HTTPS pages by default.

Daha sonra, in the Chrome browser (from version 68), pages using the HTTP protocol began to be marked insecure. Şimdi, Google is ready to move on to the next stage of the HTTP forget planturn on Chrome to completely block “mixed” content.

Mixed content refers to individual elements on HTTPS pages that are insecurely loaded via an HTTP connection.

“Browsers by default block many types of mixed content such as scripts and iframes, but images, audio and video can still be downloaded, which poses a threat to user privacy and security. Örneğin, an attacker could modify the mixed image of the stock chart to mislead investors, or insert a tracking cookie into the mixed content”, – says the official blog of Chromium.

Also, downloading mixed content causes confusion in security – bu durumda, the page is not safe and not insecure, but somewhere in the middle. Google intends to rectify the situation: Chrome will by default block all mixed content. Immediately stipulate that the lock will be introduced gradually.

In the version of Krom 79, the release of which is scheduled for December this year, it will be possible to remove the blocking of mixed content for a specific site. This option will apply to mixed scripts, iframes, and other types of content that Chrome already blocks by default.

It will be possible to remove the lock by pressing the lock icon and select the appropriate option in the “Site Settings” (image below).

Google, HTTPS'ye geçişi zorunlu kılıyor

Krom 80 (in the early channels the assembly will be released in January 2020) will by default block audio and video that cannot be downloaded via HTTPS.

You can remove the lock in the manner described above. bunlara ek olarak, in Chrome 80, when loading mixed images, an Omnibox line will display a warning about the potential danger of the page. It will look like this:

Google, HTTPS'ye geçişi zorunlu kılıyor

This should have prompted developers to renew their SSL certificates.

By the way, Google is talking about making great progress in the transition to HTTPS. According to the company, Chrome users now spend more than 90% of their time viewing an HTTPS site on all major platforms.

Ayrıca okuyun: Google Password Manager will warn users about weak and compromised passwords

Nihayet, Krom 81 will also block images downloaded via HTTP by default. The release of Chrome 81 in the early branches is scheduled for February 2020.

To avoid blocking, Google advises website developers to switch to HTTPS as quickly as possible. The company provides several resources on the blog that can help in this matter.


  • HTTPS is not a separate protocol. This is plain HTTP, complemented by SSL and TLS encryption to enhance security.
  • HTTPS protects the data transfer channel between the browser and the website, preventing all sorts of attacks, including sniffing attacks and man-in-the-middle attacks.

Yazar hakkında

Valdis Kok

güvenlik mühendisi, tersine mühendislik ve adli bellek

Yorum Yap