Starting next year, Google Chrome will get a lot tougher on websites that have not fully migrated to HTTPS and are still loading some page resources, such as images, audio, video, or scripts, via HTTP.
Known as "mixed content," this has been a problem since the first days when websites began migrating to HTTPS.
But for the past few years, browsers have ignored the problem of mixed content, as long as the main domain was loaded via HTTPS.
This was because, for the vast majority of the internet's history, HTTPS was an outlier, few websites used it, and wasn't considered a must-have technical requirement.
But in recent years, both Google and Mozilla have been heavily promoting the use of HTTPS, each in their own way.
For example, Mozilla and its partners launched a service called Let's Encrypt to provide server administrators with access to free and easy to use TLS certificates, so they can support HTTPS on their sites.
For its part, Google has been making constant changes to Chrome, today's most popular browser. The company has effectively "abused" its position as the dominant market player to set trends and instill new habits among website owners and end-users
For starters, it began showing "Not Secure" indicators on forms and login fields loaded over HTTP. Even if websites loaded via HTTPS, Chrome refused to show a green padlock if there was mixed content on the page. It also began blocking browser downloads on HTTPS pages, if the content was being downloaded via HTTP.
The company also