17 Aug Chrome 86 Will Crack Down Hard on Insecure Forms via @martinibuster
Google announced that Chrome 86 will begin cracking down on forms that are sent via the insecure HTTP protocol. Publishers are urged to review their sites and make sure that all forms are transmitted via the secure HTTPS protocol.
Some sites that have migrated to HTTPS may still have forms that are transmitting via the insecure HTTP protocol.
If these forms are related to lead generation, it may result in less earnings.
Chrome 86 Insecure Form Warnings
Chrome 86 is due to be released on October 6, 2020. A beta release is scheduled for the week of September 3rd.
Screenshot of Chrome Release Schedule
According to Google:
“Chrome will be making the following changes to communicate the risks associated with mixed form submission…”
The goal is to alert users that they are transmitting information in a manner that may cause it to be viewed by unauthorized third parties.
Although the Chrome autofill feature will not work on insecure forms, the autofill function will still work for passwords.
Google will begin showing the following warning to anyone who is filling out a form that is insecure:
Closeup of a Chrome 86 Insecure Form Warning
The above image is a screenshot of the warning Google will show. The section with the word “example” in it is a form.
Here is a screenshot of the entire form:
Users who ignore the first warning and then try to submit the form will receive a final warning that blocks them from submitting the form unless they take action to enable the submission:
Escalation of Warnings
These new warnings are an escalation of already existing warnings. Previously Chrome was showing a broken lock icon in the browser address bar.
Now Chrome is moving to a warning and actual blocking of form submission.
Tool for Finding Insecure Page Elements
There is currently a useful tool for identifying mixed secure/insecure content. The tool is called, Missing Padlock.
Missing Padlock will scan an entire site looking for insecure page assets. All you have to do is enter your URL and sit back while the tool does all the work.
This is what Missing Padlock searches for:
“When Missing Padlock crawls your site, it looks for images, audio files, video, frames, CSS files, JavaScript files, and forms.”
You can find the tool at MissingPadlock.com
Google Chrome 86 will disrupt the functioning of sites with insecure forms. Publishers still have over a month to fix their sites.
Finding insecure content and fixing it is relatively simple.
Citation
Read the announcement
Protecting Google Chrome Users from Insecure Forms
Sorry, the comment form is closed at this time.