Chrome users may configure the web browser to allow site content, e.g. JavaScript or Cookies, only on HTTPS sites and not on HTTP sites.

One of the things that Internet users may do when it comes to privacy and security on the Internet is to restrict access to certain browser features by sites and services.

Browsers support a wide range of features that are often enabled by default so that sites and applications may use them right away. While that is certainly convenient and better for usability, it may have consequences on privacy and security.

A basic example is WebRTC which all modern web browsers support. Sites may exploit it to get the "real" IP address of the device the user is using even if proxies or VPNs are used.

Chrome site content configuration

https://www.ghacks.net/wp-content/up...t-settings.png

Google Chrome gives users options to manage certain types of content that the browser supports to restrict access to it. Content such as cookies, JavaScript, notifications, or pop-ups can be allowed, blocked, or customized.

All that needs to be done for that is to open chrome://settings/content in the browser's address bar to manage these settings.

While it is possible to block features for all sites and whitelist some sites that you'd like to allow access to a particular feature, you may also set wider rules. One of these wider rules allows certain content only on HTTPS sites and not on HTTP sites.

https://www.ghacks.net/wp-content/up...cript-rule.jpg

Here is how you'd configure Chrome to do just that.

  1. Open chrome://settings/content in the browser to display the available content settings.
  2. Locate JavaScript on the page and click on it to display the available options.
  3. Toggle JavaScript so that it is set to blocked.
  4. Click on the "add" button next to allow to add an exception to the main rule (which tells Chrome to block JavaScript on all sites but sites under Allow).
  5. Type https://*.
  6. Click on the add button to add the new rule to the browser.

The effect of the change is that Chrome will block JavaScript execution if HTTP is used and not HTTPS. The same rule can be applied to other content settings, e.g. to Cookies so that cookies are only accepted on sites that use HTTPS.

It is possible that you may run into sites that don't work properly after you make the change. You could consider adding these sites to the list of exceptions (allow) as well to get them to work again in the browser.