Chrome Blocking Mixed Content for Account Engagement Pages

What is happening? What is mixed content? What is the customer impact?

Google has announced plans to deprecate all mixed content, i.e. they will no longer allow pages loaded over HTTPS to load content over vanilla HTTP. Notably, near-future versions of Chrome will block mixed-content downloads. The Chrome Platform status entry states, “Chrome intends to block insecurely delivered downloads initiated from secure contexts... Chrome will begin warning on, then blocking, progressively more mixed content downloads until all such downloads are silently blocked." The plan is published here. Chrome 84 began user-visible warnings on mixed-content downloads, and Chrome will block mixed-content downloads completely by Chrome 88 (around January 2021). This includes showing insecure images as broken links in Chrome 88. Customers who deliver insecure content from secure web pages and emails read from within secure web pages should expect breakage of their insecure content.
 

Impact Summary

Account Engagement customers should not see any impact to the Account Engagement application itself, but web pages and email that contain links to content that cannot be served via HTTPS may fail to render properly, and file downloads (such as PDF downloads) that do not use HTTPS may not be available to visitors and prospects. Customers should ensure that all of their content is accessible via HTTPS, especially downloads and images on their web pages, landing pages, forms, layout templates, email templates, and email campaigns. In particular, note that email campaigns that contain links to non-HTTPS images and tracking pixels may not function properly in browser-based email clients.