search
HomeOperation and MaintenanceSafetyWill Chrome block all types of non-HTTPS mixed content downloads?

Will Chrome block all types of non-HTTPS mixed content downloads?

Background of the article:

In October this year, Google released an official update for the new version 86 of the Chrome browser, which means that Chrome will block all types of non-HTTPS mixed content download.

In order to further strengthen the browser's security defense, Chrome, the browser dominance with a global share of 71%, can be said to be "broken." As early as February this year, Google announced: In order to enhance users' download protection experience, Chrome will gradually block the downloading of mixed content that is not Hypertext Transfer Protocol Secure, ensuring that HTTPS secure pages only download secure files.

Why HTTP resource downloads for HTTPS pages are blocked

HTTPS mixed content errors have always been a major obstacle for websites to promote HTTPS encryption. An HTTPS mixed content error occurs when the initial web page is loaded through a secure HTTPS link, but other resources in the page (such as images, videos, stylesheets, scripts) are loaded through an insecure HTTP link. That is, unsafe factors). Google reports that Chrome users use HTTPS for more than 90% of their browsing time across all major platforms, but these secure pages often load insecure HTTP subresources.

In the early days, Chrome blocking started with unsafe downloads of secure pages. This situation is particularly concerning because Chrome currently has no way to indicate to users that their privacy and security are being compromised. Insecure file downloads threaten user security and privacy. For example, an attacker can replace a program downloaded via HTTP with a malicious program, and an eavesdropper can read a user's bank statement downloaded via HTTP, etc. To address these risks, Google plans to eventually disable the loading of unsafe resources in Chrome. As a continuation of a plan announced last year, Chrome will block access to all "non-secure sub-resources" on "secure pages."

Will Chrome block all types of non-HTTPS mixed content downloads?

Chrome’s six-phase plan to block mixed content

Starting with Chrome 82 in April 2020, the Chrome browser took action to warn users , further ensuring security, until finally blocking "downloads of mixed content" (non-HTTPS downloads on secure pages) support. The file types that pose the greatest risk to users (executable files) are affected first, and subsequent versions will cover more file types.

Google plans to roll out restrictions on mixed content downloads first on Windows, macOS, ChromeOS, and Linux desktop platforms. The Chrome team divides this process into six steps, which are:

☞Chrome 81 (March 2020): The browser will pop up a console message warning of all mixed content downloads;

☞ Chrome 82 (April 2020): The browser will warn about mixed content downloads (executable files such as .exe);

☞ Chrome 83 (June 2020): Warning.zip Downloads of mixed content from archives and .iso disk images;

☞ Chrome 84 (August 2020): Warning about downloads of mixed content other than images, audio, video, and text;

☞ Chrome 85 (September 2020): Warn about the download of mixed content such as images, audio and video, and text;

☞ Chrome 86 (October 2020): Block the download of all types of mixed content.

Will Chrome block all types of non-HTTPS mixed content downloads?

The gradual rollout is intended to quickly mitigate serious security risks and provide developers with updates given that mobile platforms have better native protection against malicious files. The buffering time of its website prevents unsafe websites from affecting the Chrome user experience.

Is your website content mixed?

Is your website content mixed? I believe that most website administrators do not know what mixed content their websites contain, and the major update of Chrome 86 version helps users understand that all HTTP websites are unsafe, forcing website administrators to upgrade their sites to the more secure HTTPS protocol to protect users. privacy and data security.

Countermeasures

① Check for mixed content/insecure links on your website, check the loaded files in the website, and ensure that all files are downloaded only through HTTPS. This can be solved with the help of certificate management tools Regarding the insecure (external link) issue of HTTPS, monitor the website in real time and obtain a professional evaluation report to detect whether the HTTPS website you deploy is truly secure.

Will Chrome block all types of non-HTTPS mixed content downloads?

#② It is recommended that the website implement full-site HTTPS encryption. Protect private data from eavesdropping and leakage.

③ Worried that full-site HTTPS will consume more cloud server CPU resources and increase latency? Can develop performance optimization solutions for full-site HTTPS acceleration.

Related recommendations: Website Security Tutorial

The above is the detailed content of Will Chrome block all types of non-HTTPS mixed content downloads?. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:安全脉搏. If there is any infringement, please contact admin@php.cn delete
什么是Updater.exe在Windows 11/10中?这是Chrome进程吗?什么是Updater.exe在Windows 11/10中?这是Chrome进程吗?Mar 21, 2024 pm 05:36 PM

你在Windows上运行的每个应用程序都有一个组件程序来更新它。因此,如果你使用的是谷歌Chrome或谷歌地球,它会运行一个GoogleUpdate.exe应用程序,检查是否有更新可用,然后根据设置进行更新。然而,如果您不再看到它,而是在Windows11/10的任务管理器中看到一个进程updater.exe,这是有原因的。什么是Updater.exe在Windows11/10中?谷歌已经为其所有应用程序推出了更新,如GoogleEarth、GoogleDrive、Chrome等。这次更新带来了

crdownload是什么文件crdownload是什么文件Mar 08, 2023 am 11:38 AM

crdownload是chrome浏览器下载缓存文件,就是没下载完的文件;crdownload文件是一种临时文件格式,用于储存从硬盘上下载的文件,它能够帮助用户在下载文件时保护文件完整性,避免受到意外中断或停止的情况。CRDownload文件也可以用于备份文件,它可以让用户保存文件的临时副本;如果在下载时出现意外错误,就可以使用CRDownload文件来恢复已下载的文件。

chrome无法加载插件怎么办chrome无法加载插件怎么办Nov 06, 2023 pm 02:22 PM

chrome无法加载插件可以通过检查插件是否已正确安装、禁用和启用插件、清除插件缓存、更新浏览器和插件、检查网络连接和尝试在隐身模式下加载插件方法解决。其解决方法如下:1、检查插件是否已正确安装,重新安装即可;2、禁用和启用插件,点击禁用按钮,然后再次点击启用按钮即可;3、清除插件缓存,选择高级选项>清除浏览数据,勾选缓存图片和文件和清除所有Cookies,点击清除数据即可。

解决谷歌浏览器无法打开网页的方法解决谷歌浏览器无法打开网页的方法Jan 04, 2024 pm 10:18 PM

谷歌浏览器网页打不开怎么办?有很多小伙伴都喜欢上使用谷歌浏览器,当然也有部分小伙伴在使用的过程中发现自己无法正常的打开网页或者说网页打开的速度很慢,那么遇到这种情况要怎么办呢?下面就和小编来看看谷歌浏览器网页打不开的解决方法吧。谷歌浏览器网页打不开的解决方法方法一为了帮助还没有过关的玩家们,让我们一起来了解一下具体的解谜方法吧。首先,右键点击右下角的网络图标,然后选择“网络和Internet设置”。2、点击"以太网",接着点击"更改适配器选项"。3、点击”属性“按钮。4、双击打开i

Chrome的插件扩展程序安装目录是什么Chrome的插件扩展程序安装目录是什么Mar 08, 2024 am 08:55 AM

Chrome的插件扩展程序安装目录是什么?正常情况下,Chrome插件扩展程序的默认安装目录如下:1、windowsxp中chrome插件默认安装目录位置:C:\DocumentsandSettings\用户名\LocalSettings\ApplicationData\Google\Chrome\UserData\Default\Extensions2、windows7中chrome插件默认安装目录位置:C:\Users\用户名\AppData\Local\Google\Chrome\User

如何在Chrome和Edge的所有选项卡中搜索文本如何在Chrome和Edge的所有选项卡中搜索文本Feb 19, 2024 am 11:30 AM

本教程向您展示了如何在Windows的Chrome或Edge中找到所有打开的标签页上的特定文本或短语。有没有办法在Chrome中所有打开的标签页上进行文本搜索?是的,您可以使用Chrome中的免费外部Web扩展在所有打开的标签上执行文本搜索,无需手动切换标签。一些扩展如TabSearch和Ctrl-FPlus可以帮助您轻松实现这一功能。如何在GoogleChrome的所有选项卡中搜索文本?Ctrl-FPlus是一个免费的扩展,它方便用户在浏览器窗口的所有选项卡中搜索特定的单词、短语或文本。这个扩

chrome是什么意思chrome是什么意思Aug 07, 2023 pm 01:18 PM

chrome是浏览器的意思,由Google开发的网络浏览器,它在2008年首次发布,并迅速成为全球最受欢迎的浏览器之一,其名字来源于浏览器的界面设计,因为它的标志性特征就是窗口顶部的标签栏,而这个标签栏的外观与铬金属非常相似。

chromesetup是什么软件chromesetup是什么软件Mar 03, 2023 pm 02:58 PM

chromesetup是谷歌浏览器安装程序;谷歌浏览器即Google Chrome,是由Google开发的一款设计简单、高效的Web浏览工具,其特点是简洁、快速,Chrome支持多标签浏览,每个标签页面都在独立的“沙箱”内运行,在提高安全性的同时,一个标签页面的崩溃也不会导致其他标签页面被关闭。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Safe Exam Browser

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

SublimeText3 Linux new version

SublimeText3 Linux new version

SublimeText3 Linux latest version

VSCode Windows 64-bit Download

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)