Google Chrome has announced it will soon block all non-HTTPS content starting January 2020.
At first glance this may seam a mute point for many as there is currently no reason to be using HTTP when HTTPS exists. This move is directed at HTTPS pages loading non-HTTP content and resources. Google have said that this move will affect web page sub-resources for example images, videos and iframes using HTTP. Google have stated that this mixed content presents a security risk to websites as well as their visitors.
Having already tagged any website using HTTP as ‘insecure’ and down-ranking non-HTTPS websites in its search engine it is clear Google, via its Chrome browser will continue to force the removal of mixed content.
The first step will be the release of Chrome 79 in December 2019 when Google will begin the process of blocking non-HTTPS content. With this initial release Chrome will attempt to auto-upgrade mixed resources to HTTPS which will enable sites to continue to run if their sub-resources are already available over HTTPS. There will be an initial option to opt out of blocking non-HTTPS mixed sites though how long this option is available for remains to be seen.
The option to unblock will, however, carry over to Chrome 80, with its limited release in January 2020, where mixed audio and video resources will be auto-upgraded to https and any that fail would be blocked by default. Mixed images are allowed to load but they will be marked as “Not Secure”.
In Chrome 81 (early release channels February 2020) Images will be auto-upgraded to HTTPS and blocked by default if they fail to load.
It is clear that HTTP has had its day and it is recommended that all content should be HTTPS to avoid any potential future issues.