Configure how Mixed Content on SSL Pages is Handled
SUMMARY: For security in Google Chrome, you may wish to disable insecure content and images on pages marked secure.
By default, if Google Chrome comes across a secure SSL webpage that also contains insecure content, the insecure content is allowed to load. This is because many secure web pages accidentally or intentionally load images or even scripts in an insecure manner. By loading these files insecurely, this places less strain on a server, though it can result in web browsers displaying security warnings.
Unfortunately, it is possible for secure websites to send your secure information as they request insecure scripts or images, for example as part of the request URL or as parameters to a script. Thus, for added security you may wish to try changing this setting unless it prevents you from accessing secure websites.
1. Click on the wrench icon.
2. Select "Options".
3. When the "Google Chrome Options" dialog box appears, click the "Under the Hood" tab.
4. Underneath "Security" you will find a pull-down labeled "Allow all content to load". Click it to change Google Chrome's SSL mixed content handling to the following:
* Allow all content to load - allows insecure content to load from a secure page, a potential security/privacy risk
* Allow insecure images - allows only images to be loaded insecurely, less of a security/privacy risk
* Block all insecure content - this should block all scripts, images, iframes, or other information from being loaded in an insecure manner on a SSL page
5. Click "Close" on the "Google Chrome Options" dialog box to close it.
Return to the Google Chrome page.
blog comments powered by Disqus