Configure Chrome to allow site content only on HTTPS sites - gHacks Tech News

Configure Chrome to allow site content only on HTTPS sites

Chrome users may configure the web browser to allow site content, e.g. JavaScript or Cookies, only on HTTPS sites and not on HTTP sites.

One of the things that Internet users may do when it comes to privacy and security on the Internet is to restrict access to certain browser features by sites and services.

Browsers support a wide range of features that are often enabled by default so that sites and applications may use them right away. While that is certainly convenient and better for usability, it may have consequences on privacy and security.

A basic example is WebRTC which all modern web browsers support. Sites may exploit it to get the "real" IP address of the device the user is using even if proxies or VPNs are used.

Chrome site content configuration

chrome content settings

Google Chrome gives users options to manage certain types of content that the browser supports to restrict access to it. Content such as cookies, JavaScript, notifications, or pop-ups can be allowed, blocked, or customized.

All that needs to be done for that is to open chrome://settings/content in the browser's address bar to manage these settings.

While it is possible to block features for all sites and whitelist some sites that you'd like to allow access to a particular feature, you may also set wider rules. One of these wider rules allows certain content only on HTTPS sites and not on HTTP sites.

chrome https javascript rule

Here is how you'd configure Chrome to do just that.

  1. Open chrome://settings/content in the browser to display the available content settings.
  2. Locate JavaScript on the page and click on it to display the available options.
  3. Toggle JavaScript so that it is set to blocked.
  4. Click on the "add" button next to allow to add an exception to the main rule (which tells Chrome to block JavaScript on all sites but sites under Allow).
  5. Type https://*.
  6. Click on the add button to add the new rule to the browser.

The effect of the change is that Chrome will block JavaScript execution if HTTP is used and not HTTPS.  The same rule can be applied to other content settings, e.g. to Cookies so that cookies are only accepted on sites that use HTTPS.

It is possible that you may run into sites that don't work properly after you make the change. You could consider adding these sites to the list of exceptions (allow) as well to get them to work again in the browser.

Now You: do you block certain types of content in your browse?

Summary
Configure Chrome to allow site content only on HTTPS sites
Article Name
Configure Chrome to allow site content only on HTTPS sites
Description
Chrome users may configure the web browser to allow site content, e.g. JavaScript or Cookies, only on HTTPS sites and not on HTTP sites.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. ShintoPlasm said on November 1, 2018 at 10:13 am
    Reply

    Another way in which Chrome is superior to Firefox – the permissions system…

    1. rickmv said on November 1, 2018 at 9:13 pm
      Reply

      And if you put current Firefox and Chrome window side by side, mostly all regular users looking for a browser can’t see any difference in UI and functionality. Add that Chrome is heading north of 70% usage and most Web technologies and sites follow 100% compatibility with Chrome first, some Chromium based browsers like Vivaldi offering great out of the box customization and going after users who likes to own their web browser and have power features, all this it is sadly heading Firefox, once the true power user dedicated browser, into oblivion, just hanging there soon under 10% with Edge and Safari. But this is OK as it is the goal laMezilla is pursuing lately.

  2. Anonymous said on November 1, 2018 at 10:52 am
    Reply

    “A basic example is WebRTC which all modern web browsers support. Sites may exploit it to get the “real” IP address of the device the user is using even if proxies or VPNs are used.”

    I find it surprising that when people including experts talk about the problems with webRTC, they almost always only mention the IP leak for VPN users. Including ghacks’s 2014 article. But there’s a much bigger problem because it affects all users : it allows silent bandwidth theft by any site. They can use us as their free CDN by establishing connections from us to other site visitors to send them site data by filling our upload bandwidth. This resource abuse is not unlike malicious cryptocurrency mining but fortunately it’s much easier to counter by disabling webRTC by default : on Firefox set media.peerconnection.enabled on false, or use the Disable WebRTC extension

    https://addons.mozilla.org/firefox/addon/happy-bonobo-disable-webrtc/

    to toggle it at will. There are very few sites that use webRTC for legitimate purposes anyway, for example sites to video chat with other users. Most of other sites use it for bandwidth theft or as a stealthier channel to load ads.

    I think that Chrome had that vulnerability even before webRTC by simply using websockets, while Firefox had chosen to require TLS for them, which made it impossible for the site to use them to connect sites visitors to other random visitors.

    http://micro.nicholaswilson.me.uk/post/65681505329/mozilla-vs-google-on-user-privacy-websockets

    1. John Fenderson said on November 1, 2018 at 6:19 pm
      Reply

      @Anonymous:

      You make a good point, but I disagree that “bandwidth theft” is a bigger problem than IP leakage. The leakage, to me, is at least an order of magnitude more problematic. But they’re both bad.

      All of this (and more) is why I would not use a browser that supported WebRTC without a means of disabling it completely, and I would never enable it.

      1. Anonymous said on November 2, 2018 at 12:16 am
        Reply

        @ John Fenderson

        Yes, for the small percentage of people using VPN/proxy, the IP leak is a worse problem than the bandwidth theft, but for all other users this IP leak problem is irrelevant while bandwidth theft is something relevant for them but that they’ll never hear about. That’s what I meant.

  3. Emanon said on November 1, 2018 at 11:49 am
    Reply

    It’s actually a good tip, is something I been doing for a while.

  4. noemata said on November 1, 2018 at 12:45 pm
    Reply

    i am a firefox user, but sometimes i have to use chrome. good article! but how does it work with cookies?

  5. Radical Dreamer said on November 1, 2018 at 2:27 pm
    Reply

    Is this possible to achieve with Firefox?

  6. beef623 said on November 1, 2018 at 4:19 pm
    Reply

    Why would anyone do this?

    There is NO reason to browse https constantly. Sure, it makes sense on sites that need to be secure, like banking, Amazon or Facebook, but for sites like this one, all it accomplishes is to slow the loading time and increase the memory footprint.

    1. John Fenderson said on November 1, 2018 at 6:22 pm
      Reply

      “There is NO reason to browse https constantly”

      Not true. There are lots of good reasons why people might want to do this — to reduce the likelihood of man-in-the-middle attacks, for instance. You might not want to do it — which is fair, as it doesn’t come without cost — but this remains optional, so you’re good.

    2. Anonymous said on November 1, 2018 at 8:56 pm
      Reply

      > There is NO reason to browse https constantly.

      Hide part of the URLs, page contents, and your own contributions from your ISP and anybody else on the line trying to sell your private life ? Prevent ads injection from the same people ? Make police mass surveillance more expensive ?

      1. beef623 said on November 2, 2018 at 2:57 pm
        Reply

        SSL (https) doesn’t hide any part of the url or hide where you’re going, it only encrypts the data being transferred. It does very little to prevent man in the middle attacks (nothing to prevent them at a network level) and for the vast majority of the web, which is purely content, does nothing to make you safer or more private.

      2. Anonymous said on November 2, 2018 at 11:57 pm
        Reply

        > SSL (https) doesn’t hide any part of the url or hide where you’re going, it only encrypts the data being transferred.

        The part of the URL after the domain is transferred encrypted, isn’t it ?

        > It does very little to prevent man in the middle attacks (nothing to prevent them at a network level)

        Could you elaborate on this ? https authenticates the servers. Isn’t it better than nothing ?

        > and for the vast majority of the web, which is purely content, does nothing to make you safer or more private.

        That’s assuming https doesn’t hide any part of the URL, and that it’s as useless as http against man in the middle attacks.

      3. John Fenderson said on November 5, 2018 at 8:51 pm
        Reply

        @beef623:

        “SSL (https) doesn’t hide any part of the url or hide where you’re going”

        Yes, it does. HTTPS does not hide the domain name you’re going to (that’s required to be visible in order to route the packets), but it does hide the rest of the URL.

        “It does very little to prevent man in the middle attacks (nothing to prevent them at a network level)”

        Also not true. In order to conduct a MITM attack on an HTTPS connection, attackers have to install special certs on your machine. If that hasn’t happened, you’re good.

      4. beef623 said on November 5, 2018 at 11:19 pm
        Reply

        No, it doesn’t hide anything in the URL. You can easily test this with a packet sniffer.

      5. Anonymous said on November 6, 2018 at 11:09 am
        Reply

        @beef623

        Could you post the result of your sniffing ?
        As far as I understand, the non-domain part of the URLs is only used at higher layers and is not needed in clear before encryption, while the domain only is visible in clear in the SNI field. The evilSnobu answer here

        https://stackoverflow.com/questions/499591/are-https-urls-encrypted

        claims to have checked that with a wire capture. This is the point of encrypting the SNI field ; according to the ESNI draft:

        https://tools.ietf.org/html/draft-ietf-tls-esni-01

        ===================
        Although TLS 1.3 [RFC8446] encrypts most of the handshake, including
        the server certificate, there are several other channels that allow
        an on-path attacker to determine the domain name the client is trying
        to connect to, including:

        o Cleartext client DNS queries.

        o Visible server IP addresses, assuming the the server is not doing
        domain-based virtual hosting.

        o Cleartext Server Name Indication (SNI) [RFC6066] in ClientHello
        messages.
        ===================

        These channels do not leak the non-domain part. There could be other URL leaking mechanisms omitted in this list, but which ones ? Do you have a reference ?

      6. John Fenderson said on November 6, 2018 at 6:20 pm
        Reply

        @beef623:

        Although I’ve sniffed tons of HTTPS traffic in the past (part of my job), I just sniffed the traffic from a couple of HTTPS exchanges now, just to be extra sure. The only thing revealed in the clear were the domain names I was going to. The URL itself was encrypted.

        If you are seeing protected data in the clear with HTTPS, then I would suggest that you take a much closer look at what’s going on with your machine. Something is misbehaving.

  7. Richard Allen said on November 1, 2018 at 8:02 pm
    Reply

    I have to agree about the permissions in Chromium browsers being better than FF but only as far as javascript permissions are concerned.

    I’ve always liked that Chrome has had to ability to block js globally and/or per site. I have for a long time now set chromium browsers to disallow js except for on the TLDs com, net and org. I could have disabled js everywhere but I’m lazy and didn’t want to end up having to create 100 exceptions for sites I regularly visit and then have Chrome Sync mess it up at some point, which has happened in the past. Other than javascript I don’t see any advantages in Chrome permissions over FF. Am I missing something?

    It seems to me that Chrome is at a big disadvantage when it comes to security and privacy and that’s not even talking about the whole Do No Evil myth.

    For instance, “exceptions” which I consider to be permissions related. If I set Chrome to “Clear on exit” google.com and weather.com, cookies are cleared but… I will still see a channel ID, local storage, cache storage and database storage. Conversely in Firefox, if I set google and weather.com to “Allow for Session” when I close FF all cookies And storage for those websites will be deleted. Also in FF, if I don’t have an exception for a website, I can use that site, like google search for instance, and before closing the tab open the Site Info button in the address bar and click on the button to “Clear Cookies and Site Data”. Not something I use everyday but I use it often enough to be thankful it’s there.

    Getting back to javascript. Easily the most important type of content that needs to be controlled. In FF and Chrome I use No-Script Suite Lite, only as a js whitelist. Back when, all the other addons I tried were inconsistent in their js blocking. It’s very light on resource use and only takes a couple seconds to whitelist a website. So, with that addon Every new website I visit automatically has js disabled and in case of any unwanted redirects my browsers will not be vulnerable to malicious scripts. Sure, I could use uBO to disable js globally but I don’t want to deal with that. And I already have uBO using over 300 rules and filters that I’ve created, will another 100-200 rules affect uBO performance? I wonder. Anyway, I have uBO set to globally block iframes and with my noop rules, embedded video and whatnot still works. That said, I do have about 3 dozen websites that have 3rd-party js disabled in uBO. Any site I see that loads 10 or more domains on a webpage will get 3rd-party js disabled. I’ve actually seen websites load over 100 domains here in the Wild West, without content blocking. And I think 10 is a little much? LoL

    It’s great that chromium browsers have built in access to js permissions but it’s an all or nothing proposition and that’s not really good enough. Some websites require js be enabled to view Any content, I usually just leave when that happens but I could instead disable 1st and 3rd-party js with uBO before enabling js in NO-Script. Then… pray that any inline scripts are safe which is why I usually just leave unknown new websites. :)

    https://i.postimg.cc/G3BjxDKm/Chrome-Site-Data.png
    https://i.postimg.cc/7PpnsLtM/Firefox-Site-Data-and-Permisions.png

    1. noemata said on November 3, 2018 at 1:49 pm
      Reply

      @r.a. good post. on this one:” If I set Chrome to “Clear on exit” google.com and weather.com, cookies are cleared but… I will still see a channel ID, local storage, cache storage and database storage.”

      doesn’t happen if you use duckduckgo as search engine in chrome (at least for me *lol*).

      if you use google as search engine in chrome, it will always save your listed data, especially when you open a new tab. additionally you should block https://[*.]google.com, https://[*.]www.google.com and so on in chrome – despite ublock origin.

      but that doesn’t change the perfidy of google/chrome.

  8. Steve#99 said on November 1, 2018 at 11:17 pm
    Reply

    Firefox should have a prefs.js setting to force ALL request over https and never allow http. Hopefully soon, Moz will replicate these new chrome privacy enhancing features.

    On my internet browsing VM, I block ports 53 and 80 via the Win 7 firewall and very rarely allow either of these leaky ports. Thanks to EFF’s browser extension “HTTPS Everywhere”, users have a tool so they can mostly avoid 80. Once Cloudflare et al implement encrypted SNI, users will have fairly tight a privacy.

    …Tight, except for when dealing with the fools errand of Windows updates….

    It is almost 2019 and Microsoft still delivers Windows updates, along with the machine’s vital root certificates and vital security updates, via unsecured/unsafe/publicly viewable/easily mitm’d clear text port 80….

    Once you get those unsecured updates on your box, they are “verified” via certificates that were delivered over unsecured port 80. It really doesn’t matter though. Given Microsoft’s past history, once the updates are installed, your computer is going to turn into a raging dumpster fire.

    1. Anonymous said on November 2, 2018 at 11:12 am
      Reply

      “Once Cloudflare et al implement encrypted SNI, users will have fairly tight a privacy.”

      Only as far as you can trust your DNS provider for privacy more than your ISP. In the Cloudflare DNS or Google DNS case especially, I wouldn’t.
      Also, even with hostnames hidden the ISP will still see the target IP, which may still contain some information about what you’re doing.

      Also, thanks to ubiquitous Cloudflare-like reverse proxies that act as a man-in-the-middle and see everything in cleartext, the https privacy guaranties are still illusory, although better than nothing of course.

      1. Steve#99 said on November 2, 2018 at 2:18 pm
        Reply

        The goal is to protect user privacy to the greatest extent while allowing users freedom to use the internet. But those two goals are at odds with one another. Thus, we use whatever tools and practices available that moves us in the desired direction and away from the other.

        I have zero trust in my ISP and believe them to be completely hostile toward their paying customers. On the other hand, Cloudflare frequently goes against the establishment grain; their business practices lean to favor both their customers and users of their products.

        I have absolute zero trust in google and believe them to engage in too many practices that are hostile against user privacy. Thus, I block google at every point.

        I do trust Cloudflare to the extent that any corporation can be trusted. Thus, I use Cloudflare’s for all DNSCrypt activity and would have no problems using them for any service I ever required. In ref to DNS/DNSCrypt, Cloudflare states they do not collect/store user DNS activity. Until I learn otherwise, I will take them at their word.

        In ref to encrypted SNI, though our ISPs can see all IP activity, I would prefer my ISP not knowing whether I am going to HelloKitty.fav.com or CorruptPoliticians.fav.com. In my case, I doubt my ISP is looking at the SNI field to mine personal customer data and would think they are going after the low hanging fruit of DNS lookups/IP activity. But still, once encrypted SNI is adopted, I’d feel a bit better about internet privacy.

        In ref to reverse proxies, I think if Cloudflare got caught snooping in on reverse proxy client data, that business would quickly end. It is in their best interest not to snoop.

      2. Anonymous said on November 3, 2018 at 5:27 pm
        Reply

        “On the other hand, Cloudflare frequently goes against the establishment grain; their business practices lean to favor both their customers and users of their products.”

        According to
        https://techcrunch.com/2011/06/27/cloudflare-ceo-our-marketing-strategy-is-sign-up-all-of-the-worlds-international-criminals-tctv/
        “Prince and his team were inspired to start the company after a call from the Department of Homeland Security”
        Not quite anti-establishment…

        They managed to put themselves in a position where they decrypt centrally and massively a good part of the world https traffic, for comparatively questionable benefits. For some obscure reason in spite of this elephant in the room their corporate propaganda succeeded in painting them as privacy heroes.

        “In ref to reverse proxies, I think if Cloudflare got caught snooping in on reverse proxy client data, that business would quickly end. It is in their best interest not to snoop.”

        There has been many privacy scandals in the past and none of the big corporations responsible for them has seen its business end.

      3. Steve#99 said on November 4, 2018 at 3:40 pm
        Reply

        Read the techcrunch article you cite, it contridicts the point you attempted to make. I read it and did a some research. I found Cloudflare to be far more anti-establishment than I thought. It verges in the direction of ugly & criminal, but free speech is complex and not my area of expertise. I only knew Cloudflare hosted Pirate Bay and that is what I had in mind when I wrote of them being anti-establishment. I have zero kindness for corrupt organizations such as riaa/mpaa and activities such as censorship/sopa/tpp/and especially modern draconian copyright bills* bribed into law via immoral, completely corrupted sycophant politicians/corporations/lobbyist.

        See the below link about why my preference is to use DNSCrypt and Cloudflare as resolvers.

        https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/

        Cloudflare issues frequent transparency reports

        https://www.cloudflare.com/transparency/

        *Copyright law is slightly off topic, but goes to my point about Cloudflare…
        Copyright law becomes more anticitizen with every iteration. TPP had a provision in it that a ‘commoner’ could go to prison for simply modifying metadata such as artist name in an mp3 file – any mp3 file they had legally purchased. TPP would have also began to erode the US common allowance of buying a CD and ripping it to mp3 files for personal use. Thanks to the horrible DMCA, no US citizen can legally buy a DVD and rip it for personal use. The MPAA suggest if a customer wants a backup of a movie they just bought, then they must buy two DVD’s of the same title. Buying/ripping mp3s for personal use would have been a criminal act in all other TPP signing countries. So when Cloudflare takes a stand against SOPA, riaa, et al, I say well done because there are very few politicians standing up for the rights of citizens, they are too busy taking in bribes: which here in the US, are called campaign contributions.

      4. Anonymous said on November 5, 2018 at 12:56 pm
        Reply

        “Read the techcrunch article you cite, it contridicts the point you attempted to make. I read it and did a some research. I found Cloudflare to be far more anti-establishment than I thought.”

        I know that the article is written as the same laudative corporate propaganda people can read everywhere, I only referenced it for the interesting quote, but it’s true that it doesn’t give enough context about it, so here is the full story :

        “Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn’t think much about it until, in 2008, the Department of Homeland Security called and said, ‘Do you have any idea how valuable the data you have is?’ That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare.”

        Although that’s of course not what the CEO implied, you’re free to conclude or not that Cloudflare itself is also used as a data collection service for the police like their previous business. Which would be furthermore an incentive to sign up shady people.

        I know their privacy policies, they promise not to snoop, the question is, can these be trusted ? They can even be legally constrained not to reveal that they’re snooping. But I concede that they’re more trustworthy than an hypothetical competitor whose privacy policy would allow snooping, that’s not what I’m discussing.

        About their perceived anti-establishment position, you agree that it has nothing to do with privacy, only with their anti-censorship position. But most companies including Google do fight external censorship pressures or injunctions, not because they’re against censorship as a principle, but because they want to be the ones controlling what to censor. They did censor people themselves just because they didn’t like them (ok, they were nazis or something, but they did). And again, if they’re snooping, rejecting shady customers would be counterproductive for that goal.

      5. Steve#99 said on November 5, 2018 at 4:54 pm
        Reply

        >>>”They can even be legally constrained not to reveal that they’re snooping.”

        I agree and the reason I posted a link to their transparency report. Cloudflare tells us everything we need to know, including that intriguing 0 to 249 range. Personally, because the sites I visit are law, tech, & music related, corporations are a larger threat to my privacy than the gov’t. But that’s a much more complex discussion not suited for Martin’s blog as it gets into philosophies spanning from Magna Carta to the destruction of the Bill of Rights.

        >>>”Corporate propaganda…”

        I agree, both gov’t and corporate propaganda (PR) are a massive social problems that will not be solved in my lifetime. Compounded with the herd’s lack of philosophical training compounds the problem, directly diluting society’s potential for a greater.

        >>>”I know their privacy policies, they promise not to snoop, the question is, can these be trusted ?”

        It would take little stretch of the imagination to theorize what Cloudflare is allowing in their datacenters and with their access. Long before the ‘pipeline’ was disclosed in the AT&T SF office, me and a few friends had heavy discussions about the possibility of these types of technologies deployed against the masses. With the ES revelations, it turns out, our speculations were right on the money and none of us were surprised/shocked. So, I would not be shocked to learn that Cloudflare has a gov’t tap in their pipelines and one of those 0-249 nsletters cover that tap.

        That said, I remember early on in Bush’s JDept, that’s the dumb Bush not the father. The JD issued a decree that all tech companies will turn over their data so the JD could sniff it, to see what the masses were up to. This was before the neocon wet dream of 911 so it was kind of a new thing in society. I remember Microsoft exposed its belly like cowards and gave the JD every iota of data it had on its customers/users/visitors/et al – all without a single legal fight. It was google who vigorously fought against the illegal order and partially won. I was quite pleased with google back then.

        But now, it is this same google which attempts to grab every iota of data about our personal lives; now including how our floors are vacuumed, our mastercard data, location data 30x a minute (thanks Chrome Browser!), etc,the list is very long. So, when I would rather not trust companies like MS and google and instead ‘trust’ a company like Cloudflare, it is because of a known history of these companies. To date, Cloudflare has not shown any propensity to violate user trust. That doesn’t mean it is not happening, its just there is no evidence of it… yet. And again, me personally, I have zero to hide. My privacy perspective is directly in line with Eben Moglen’s where most of the entire establishment is in violation of long established social relationships, histories, and philosophical principals. That violation is immorally wrong and incompatible with the so called ideals of the US republic. But, this is what corrupt men bring to the table and we as a people continue to allow it and continue to vote for. As a side note, if someone did have something to hide, the electronic arena is the last place to attempt it. Thus, anyone attempting to keep a secret while using an electronic device doesn’t understand corporate, gov’t, nor technology’s capabilities.

        >>>’Google wants to be the ones controlling what to censor.’
        I 100% agree, google censors content for its own purposes. This was apparent when Google/Schmidt interfered with the 2016 election, doing everything from directly lending tech and tech talent to HRC while using its own tools such as auto complete and their ‘news’ aggregator to tilt the election to HRC’s favor (I’m on the left but with an open, clear mind). During the 2015/2016 political follies, google and the msm were out in force showing to the world just how awful censorship, propaganda, and a media taking political sides can get. What they did to Bernie Sanders was the same thing they did to Ron Paul in 20012. What they attempted to do to Trump backfired and got him elected. The corporate controlled US is a strange world .

        You also have a valid point about Cloudflare censoring the nazis; though I can sympathize about why he did it; it was an awful thing that occurred that sparked his decision. Personally, I think all nut jobs should be given an equal place, even the likes of Alex Jones. I think non-reactive legal & tech types, who see the crazies being shut out from the so called ‘social’ platforms, see it as a violation of principal, along with the potential of longterm damage to our so called US democracy” — today its the nut jobs, tomorrow it’s you.

      6. John Fenderson said on November 6, 2018 at 11:28 pm
        Reply

        @Anonymous: “Only as far as you can trust your DNS provider for privacy more than your ISP. In the Cloudflare DNS or Google DNS case especially, I wouldn’t.”

        I would. Not because Cloudflare or Google DNS are trustworthy, but because my ISP is Comcast.

  9. Kate said on November 2, 2018 at 5:12 am
    Reply

    But don’t worry, Google still helps themselves to all your private data as usual.

  10. Tom said on November 2, 2018 at 5:36 am
    Reply

    In Firefox we have this simpler option:
    security.mixed_content.block_display_content;true
    Not possible to block mixed content in Chrome – at least to my knowledge.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.