Why does Chrome’s HTTPS validation show the “!” icon for Mixed Content, but when I have Developers Console open, reload, it says fully secure

I have a secure (HTTPS) website which Chrome displays the “!” icon in the URL bar denoting that that I have Mixed Content. So I hit F12 (Developers Console), go under the Security tab, which says there’s mixed content, and to Reload the page.

After reloading the page, it says that the content is fully secure. I’ve tried different computers, incognito tabs, and clearing cache/cookies and this persists.

Regardless, every time I load a page without Developers Console open, it will say it’s Mixed Content. As soon as I open Developers Console and browse around the site, Chrome will say it’s fully secure.

This only happens in Chrome (not Edge).

Example of Chrome’s Dev Console below:

enter image description here

My site had an article listed in chrome’s “Articles for you” / “suggested content”

So, you've probably noticed that chrome on mobile shows you 'articles for you' now when you open a new tab. The other day i noticed tons of referral traffic coming from googleapis.com domain – which I then tracked down to being this 'articles for you' thing.

So, they linked one recent article that was posted on my site – but none prior and none of the 3-4 afterwards.

I'm seeing some traffic to another article I wrote yesterday, but literally less than 10 from that referral domain.


My site had an article listed in chrome's "Articles for you" / "suggested content"

Prioritize URL over search in Chrome’s Omnibox

I’m the kind of chrome user that is used to quickly navigate by entering the first or the first two letters of an URL in chrome and hitting enter.

Since the last update though, Google kind of screwed up my navigation ability by prioritizing search instead of URLs I regularly use. Let’s say I type “s” to get on StackOverflow… It works fine as long as I don’t search for something starting with “s”. If I search for “Soldering Iron” I need to then remove the search in order to navigate quickly again.

I tried to search for a flag and in the options, but honestly, there are so many and their description is so evasive that I don’t have a clue.

I don’t want to disable the Omnibox, I just want to reverse the order of chrome’s autocomplete suggestions: URL first. Search after.

What does “This request does not comply with Chrome’s Certificate Transparency policy.” in Chrome’s Security Tab mean?

When you open up Chrome’s DevTools and switch to the Security Tab you’ll see the message This request does not comply with Chrome's Certificate Transparency policy. on some origins. (Example: https://de.ioam.de when you visit https://www.sportschau.de/index.html)

I know the concept of Certificate Transparency in general but I neither know what Chrome's Certificate Transparency policy is nor do I know what the impact of this statement is.

Obviously Chrome establishes the https connection to this host, but what’s wrong here?

Will https connections to affected origins be blocked in the future?

Does Chrome’s password manager store plaintext passwords in their databases?

Chrome’s password manager allows for users to view their saved passwords on passwords.google.com. The saved passwords can be viewed on different devices as long as the user logs into their Google account. So, these passwords must be stored in a Google database. Is it known as to whether the passwords are encrypted in this database, so that Google wouldn’t be able to know what your account passwords are?

What does clicking the word “`(change)`” do in Google Chrome’s Extension “Save to Google Drive”?

What does clicking the word “(change)” do, in the window the “Save to Google Drive” Extension (https://chrome.google.com/webstore/detail/save-to-google-drive/gmbmikajjgmnabiglmofipeabaddhgne) pops after every save for Google Chrome to Google Drive?

"(Change)" (https://drive.google.com/file/d/1Vn6mtk7JjThMmdRK-Gaj6nwX6Amna91y/view?usp=sharing is the version saved with said tool showing the unknown/unspecified word in question “(change)“.)

Thoughts on Chrome’s Plan to Distrust Symantec Certificates

This has been a topic that's been ticking the back of my mind now for quite some time.

Amazon uses symantec cert for the product images that we show on our site.
And google is scheduled (April 17 Chrome update 66) to deem unsecure any site using Symantec certs issued before 2016.

So what will really happen when Chrome update 66 kicks in?
Has Amazon updated their certs? If so, why do we see the images-na.ssl-images-amazon warnings in our browser inspects?
And what exactly dose…

Thoughts on Chrome’s Plan to Distrust Symantec Certificates