Chrome 86 Will Crack Down Hard on Insecure Forms

Click here to view original web page at www.searchenginejournal.com
Chrome 86 Will Crack Down Hard on Insecure Forms

Google announced that Chrome 86 will begin cracking down on forms that are sent via the insecure HTTP protocol. Publishers are urged to review their sites and make sure that all forms are transmitted via the secure HTTPS protocol.

Some sites that have migrated to HTTPS may still have forms that are transmitting via the insecure HTTP protocol.

If these forms are related to lead generation, it may result in less earnings.

Chrome 86 Insecure Form Warnings

Chrome 86 is due to be released on October 6, 2020. A beta release is scheduled for the week of September 3rd.

Screenshot of Chrome Release Schedule

Screenshot of Chrome 86 release schedule

According to Google:

“Chrome will be making the following changes to communicate the risks associated with mixed form submission…”

The goal is to alert users that they are transmitting information in a manner that may cause it to be viewed by unauthorized third parties.

Although the Chrome autofill feature will not work on insecure forms, the autofill function will still work for passwords.

Google will begin showing the following warning to anyone who is filling out a form that is insecure:

Closeup of a Chrome 86 Insecure Form Warning

Screenshot close up of a form warning
This is a close up screenshot of a warning on a form

The above image is a screenshot of the warning Google will show. The section with the word “example” in it is a form.

Here is a screenshot of the entire form:

Screenshot of Warning on an insecure form

Users who ignore the first warning and then try to submit the form will receive a final warning that blocks them from submitting the form unless they take action to enable the submission:

Screenshot of Chrome 86 Warning

Escalation of Warnings

These new warnings are an escalation of already existing warnings. Previously Chrome was showing a broken lock icon in the browser address bar.

Now Chrome is moving to a warning and actual blocking of form submission.

Tool for Finding Insecure Page Elements

There is currently a useful tool for identifying mixed secure/insecure content. The tool is called, Missing Padlock.

Missing Padlock will scan an entire site looking for insecure page assets. All you have to do is enter your URL and sit back while the tool does all the work.

This is what Missing Padlock searches for:

“When Missing Padlock crawls your site, it looks for images, audio files, video, frames, CSS files, JavaScript files, and forms.”

You can find the tool at MissingPadlock.com

Google Chrome 86 will disrupt the functioning of sites with insecure forms. Publishers still have over a month to fix their sites.

Finding insecure content and fixing it is relatively simple.

Citation

Read the announcement
Protecting Google Chrome Users from Insecure Forms