|Effective January 1st, 2021, the Google Chrome browser will be starting to block certain types of content on webpages that are hosted on both secure and insecure web servers. This affects what is called “mixed-content rendering and mixed content downloads”.
For users that may have updated their Chrome browser, it will block HTTP file (images, docs, pdf) downloads from an HTTPS site by default.
Why has Google made this change?
Insecurely downloaded files are a risk to users’ security and privacy. For instance, insecurely downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely downloaded bank statements.
What does this mean to itracMarketer users?
A majority of the recipients or contacts of your email campaigns likely use Google Chrome. This may affect their ability to access non-HTTPS downloads or images started on secure pages.
– If a user is viewing a secure webpage (HTTPS), and if any of the content displayed as part of the webpage is hosted on a non-secure link (HTTP), then the content (image, video) will be displayed as a broken image.
– If a user is viewing a secure webpage (HTTPS), and if there is a download link or attachment in the webpage, and the corresponding content is hosted on a non-secure site (HTTP or FTP only), then clicking on the link will result in error.
What action do I take?
An immediate fix that would be required to implement this would-be fixing document(s) or image/video/PDF link(s) hosted with the HTTP prefix. This can be implemented on your internal company URLs by your IT team.
It may also affect any 3rd party hosted URLs that are required to be secure. An example of referencing another company or individual’s website in an email that you send from the itracMarketer application is below:
What has itracMarketer done to ensure that images and / or documents are secure?
itracMarketer has reviewed and updated all of our servers that host images and documents on behalf of our customer accounts. However, if a user places a link to a webpage and/or document in their email template content it will need to be hosted by a secure server location with a location prefix starting with HTTPS. This will ensure that it works properly for contacts that receive and open the email link in new or recently updated versions of the Chrome browser.
Where can I find more information?
You can read more about this new development in this article link by Google: https://security.googleblog.com/2020/02/protecting-users-from-insecure_6.html