Mixed content includes content downloads such as software executables, documents, and media files offered from secure HTTPS websites over insecure HTTP connections.

Mixed content resulted from the need for websites to move to HTTPS from mid-2018 when Google started flagging out sites that are insecurely transmitting information over its Chrome browser.

Users seeing the HTTPS padlock on a site in Chrome typically assume that any downloads it offers are also secure.

Google’s recent announcement points out:

Insecurely-downloaded files are a risk to users’ security and privacy.
For instance, insecurely downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements.

To eliminate this issue, Google has recently announced a timetable for phasing out insecure file downloads in its Chrome browser.

It will be a gradual effort rather than an immediate hardline exercise. It will begin with Chrome on desktop version 81 due out next month, by offering warnings. The dateline for all downloads via HTTP will systematically be blocked by Chrome version 86 scheduled to be out in October 2020.

Mobile versions of Chrome will use the same timetable except that they will lag by a version behind their desktop counterpart.

This latest plan underlines Google’s desire to improve security and user experience by the promotion of HTTPS everywhere in Chrome.

Make note eradicating unsecured downloads doesn’t guarantee that the download isn’t malicious. In essence, it merely means that the download hasn’t been tampered with as it travels from the webserver to your computer.

As part of our web security offering, we can help scan and fix these mixed content issues.

Shall we have a conversation? 

For the longest time since the birth of the Internet, there was no requirement for websites to have the secure transport HTTPS protocol to display web content over browsers like Google Chrome. Traffic and data requests from sites without HTTPS were transmitting information in the clear.

However, with the rise of cyber criminals’ activities, increasing financial transactions, and issues around personal data, the need for secure transmission becomes critical.

With effect from July 2018, Google’s web browser, Google Chrome, started flagging out websites that are not HTTPS compliant. Google requires data and traffic information to be encrypted and transmitted from the browser to the web server and vice versa over HTTPS. In this manner, both the website and users will not be prone to an attack.

Website owners who handle transactions online started implementing SSL certificates to give their site visitors peace of mind that they are conducting their purchases on a secure site.

With privacy laws quickly being implemented by many countries, companies and organizations soon followed sue to enforce the HTTPS protocol to safeguard private data provided by their customers over the web.

Mixed content occurs for websites that were designed and uploaded under an HTTP URL and later converted to HTTPS via way of implementing a SSL certificate.

Mixed content is a security loophole. It exposes your web traffic during transmission.

Despite the HTTPS web link, some content on the website, such as videos, images, and scripts, are, however, still transmitting over the not secure HTTP connection.

Hence you have an issue of mixed content from HTTPs and HTTP, loading on a page.

Any data transmitting over the non-secure HTTP exposes the website to attacks through “man in the middle attack” techniques. By intercepting these unsecured transmissions, cybercriminals can now gain access to your data like login credentials and credit card details.

This mixed content issue must be quickly fixed to ensure ALL content is transmitted through the secure HTTPS protocol before a data breach occurs.

As a site owner, you want to fix this before it is too late.

As part of our web security offering, we can scan and fix these mixed content issues.

Shall we have a conversation?

.