Google removes Chrome’s mixed content security icon

Google announced two days ago that the decision was made to replace the mixed content security icon in the company's Chrome web browser with the icon that is used for HTTP connections.

One of the main issues that website administrators run into in regards to enabling HTTPS on their sites is to ensure that all content is delivered via HTTPS.

It happens that content may not be delivered via HTTPS. This can be images from a Content Distribution Network, advertisement or third-party scripts to name a few examples.

Mixed content warnings are displayed to the user connecting to a site if at least one resource is delivered via HTTP and not HTTPS.

This can be quite troubling from a user perspective and especially so on websites that information are exchanged with.

Google's reasoning for implementing the change is that the new icon gives users a better "indication of the security state of the page relative to HTTP", and that Chrome users "will have fewer security states to learn".

Another reason for making the change in Chrome is that Google hopes that it will encourage site operators to make the move to HTTPS more quickly.

Since users are not seeing the HTTPS with minor errors warning icon in Chrome anymore once they have upgraded to version 46 of the browser, it is less likely that it will make them leave the site or at least question its security in the process.

Google's long term plan is to reduce icon states to just two in the future which would be secure and not secure.

Chrome users who have upgraded to version 46 of the browser won't see mixed content warnings anymore in the browser directly on the page they are on. The lack of the "secured" icon is technically still an indicator considering that https is displayed as the protocol in the address bar.

Confirmation that a site mixes secure and non-secure content is provided on the page's connection information page. You may open it with a click on the icon in front of the site's address.

There you find listed information about mixed content which is still indicated by the old icon that Google removed from Chrome's address bar in version 46 of the browser.

The change affects desktop versions of the Google browser only as mobile versions of Chrome display only a secure icon when HTTPS is used to connect to sites.

Now You: How do you handle sites with mixed content?