Earlier this month Google announced that the security settings in their Chrome browser would automatically block “mixed content”; this is when sub-resources from non-secure (HTTP) sites are loading onto pages within secure sites (HTTPS). This means secure websites that load adverts, images, video, media, feeds, fonts, scripts, iframes and other assets onto their pages from other sites will need to ensure that the source website is also secure. If not, it will lead to error messages, slow loading times, broken pages and a bad user experience. 

Act now

The move to block mixed content from Google is understandable and helps to ensure a secure site really is secure. Major browsers like Chrome, Edge and Firefox have been blocking some types of mixed content for a while, but Google’s move means that digital managers and website teams will now have to ensure that all sub-resources on their pages only come from secure sites (HTTPS). 

Teams do have a period of grace, but they do need to act quickly. We recommend you deal with this now.  The changes are being introduced gradually over the next three releases of Chrome. Release 79 in December 2019 allows users to unblock insecure resources on a site by site basis, but by release 81 in February 2020, all non-secure sub-resources displayed on secure sites will be blocked. There is also the possibility that further down the line other major browsers may follow suit.

Identifying pages with mixed content

Although acting now should give you adequate time to prevent any issues, teams may face a challenge in determining where action is required and identifying which pages do have mixed content that will be impacted by the changes. In particular:

• digital teams with large, sprawling sites where there are many old pages may have to go through every page
• those in large companies who have oversight of a portfolio of digital channels with distributed management will find it difficult to ask local digital teams with little or no technical knowledge to identify any pages at risk
• digital agencies wanting to be helpful to their portfolio of clients and spot any issues may need to “hand hold” less technically-savvy customers in helping them find any examples of mixed content on pages. 

How Sitemorse can help

One potential solution is to use Sitemorse’s powerful automated assessment capability to identify which pages require action. One of Sitemorse’s suite of tests identifies where you have mixed content or where sub-resources on a page are not being delivered, alerting your developers to pages that may be impacted by the upcoming changes to Chrome. Because Sitemorse can be run externally on any website, you can organise it across any portfolio of sites, including those run by local teams or customers. 

Continuing to run Sitemorse will also then identity any issues on your key pages as they emerge, especially as the sub-resources you are using will be pulling from sites that are beyond your control. For example, if HTTPS fails on a source site for any reason, it may cause a mixed content issue on your pages. If this is the case, you will get an alert and your developers can work to swiftly fix the issue.

Once you identify any pages with mixed content, Google suggests resources for developers on their original announcement to help migrate any mixed content to a secure source.  

Don’t be caught by the changes

You have until February 2020 to prevent any issues caused by the changes to Chrome. Don’t leave it to the last minute. Act quickly, use Sitemorse’s automation to identify any pages with issues, and then get your developers or digital agency to eliminate mixed content from your secure site.