Looks kinda like a dorito —

Chrome finally kills off the HTTP-HTTPS “mixed content” warning

Slightly alarming and not wholly useful yellow triangle is being retired.

Chrome finally kills off the HTTP-HTTPS “mixed content” warning

In the new version of Chrome, which should be rolling out to everyone today, the "mixed content" warning—that mysterious little yellow "caution triangle" in the address bar—will finally be removed. Instead, sites with a mix of HTTP and HTTPS content will show a normal, grey piece of paper, as if it's a regular HTTP-only website.

According to Google, this change is intended to "encourage site operators to switch to HTTPS sooner rather than later." The problem is that it's almost impossible to switch completely from HTTP to HTTPS in one fell swoop—there are just too many factors that need to be tested and debugged. At the same time, webmasters weren't keen to begin the migration process to HTTPS because of that pesky mixed content warning, which had a tendency to spook less-experienced users of the Information Superhighway. This was far from an optimal solution, according to Google: "During this [migration] process the site may not be fully secured, but it will usually not be less secure than before."

As a result, in Chrome 46 (on desktop PCs, at least), there will be just three security states: a green padlock (full HTTPS), a red padlock (broken HTTPS), and a grey piece of paper (HTTP). "We’ve come to understand that our yellow “caution triangle” badge can be confusing when compared to the HTTP page icon, and we believe that it is better not to emphasize the difference in security between these two states to most users," says a Google blog post.

In the long term, Google eventually plans to reduce Chrome's security states to just two: secure (full HTTPS) and non-secure (everything else). The goal of this hardcore proposal is to "more clearly display to users that HTTP provides no data security."

Chrome 46, without the mixed security warning, was released to the stable channel yesterday; you may already be running it. If not, your browser should update soon.

Channel Ars Technica