Google removes Chrome's mixed content security icon

Martin Brinkmann
Oct 15, 2015
Google Chrome

Google announced two days ago that the decision was made to replace the mixed content security icon in the company's Chrome web browser with the icon that is used for HTTP connections.

One of the main issues that website administrators run into in regards to enabling HTTPS on their sites is to ensure that all content is delivered via HTTPS.

It happens that content may not be delivered via HTTPS. This can be images from a Content Distribution Network, advertisement or third-party scripts to name a few examples.

Mixed content warnings are displayed to the user connecting to a site if at least one resource is delivered via HTTP and not HTTPS.

This can be quite troubling from a user perspective and especially so on websites that information are exchanged with.


Google's reasoning for implementing the change is that the new icon gives users a better "indication of the security state of the page relative to HTTP", and that Chrome users "will have fewer security states to learn".

Another reason for making the change in Chrome is that Google hopes that it will encourage site operators to make the move to HTTPS more quickly.

Since users are not seeing the HTTPS with minor errors warning icon in Chrome anymore once they have upgraded to version 46 of the browser, it is less likely that it will make them leave the site or at least question its security in the process.

Google's long term plan is to reduce icon states to just two in the future which would be secure and not secure.

Chrome users who have upgraded to version 46 of the browser won't see mixed content warnings anymore in the browser directly on the page they are on. The lack of the "secured" icon is technically still an indicator considering that https is displayed as the protocol in the address bar.

mixed content warning

Confirmation that a site mixes secure and non-secure content is provided on the page's connection information page. You may open it with a click on the icon in front of the site's address.

There you find listed information about mixed content which is still indicated by the old icon that Google removed from Chrome's address bar in version 46 of the browser.

The change affects desktop versions of the Google browser only as mobile versions of Chrome display only a secure icon when HTTPS is used to connect to sites.

Now You: How do you handle sites with mixed content?

Google removes Chrome's mixed content security icon
Article Name
Google removes Chrome's mixed content security icon
Google removed the mixed content security icon in Chrome 46 back to the same icon that plain HTTP connections use.

Previous Post: «
Next Post: «


  1. not_black said on October 15, 2015 at 2:02 pm

    Also, videos don’t start automatically on tabs opened in the background (on YouTube at least). I know it was an upcoming feature but in the latest release they activated it. Pretty good.

  2. Pants said on October 15, 2015 at 1:34 pm

    I do not like this one iota. If I go to a secure site, I want to know if it’s leaking anything in the clear. Security issues shouldn’t be mucked around with – four states is fine. We’re not babies – we can handle FOUR states. Heck .. I can count them on one hand. This is a ridiculous move by Chrome – and it will NOT encourage site operators, because people won’t be alarmed by it and complain etc.

    Looking at the sample pic, going to an https site that is mixed doesn’t even show a friggin’ padlock. And yellow was always too wishy-washy for me … it should have been orange. But I guess it’s a moot point now, because google want to over-simplify everything.

    1. anon said on October 17, 2015 at 6:57 pm

      A site with mixed content is not secure so Google’s decision to change the indicators is correct. It shouldn’t matter that certain parts are secure if the whole is not secure.

    2. Bobby Phoenix said on October 15, 2015 at 3:10 pm

      “I do not like this one iota. If I go to a secure site, I want to know if it’s leaking anything in the clear.” It does do that. If you don’t see the green padlock then that means your stuff is not secure. It’s simple. No padlock = data can be leaked. Padlock = safe.

      1. Pants said on October 15, 2015 at 5:19 pm

        I understand that. The point is, if you initiate a connection with a secure website then it should show a padlock – this is a VISUAL indicator that you are using HTTPS – why take that away? (If its good, go green, if its bad go red, if its mixed then amber).

    3. Martin Brinkmann said on October 15, 2015 at 1:36 pm

      We are in the user babysitting age.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.