Information
Setting controls whether users can add exceptions to allow mixed content for specific sites.
Do not allow any site to load mixed content (2)
Allow users to add exceptions to allow mixed content (3)
The recommended state for this setting is: Enabled with the value of Do not allow any site to load mixed content (2)
NOTE: This policy can be overridden for specific URL patterns using the InsecureContentAllowedForUrls and InsecureContentBlockedForUrls policies.
Rationale:
Allowing mixed (secure / insecure) content from a site can lead to malicious content being loaded. Mixed content occurs if the initial request is secure over HTTPS, but HTTPS and HTTP content is subsequently loaded to display the web page. HTTPS content is secure. HTTP content is insecure.
Impact:
Users will not be able to mix content.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Enabled: Do not allow any site to load mixed content:
Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Content Settings\Control use of insecure content exceptions
Default Value:
Unset (Same as Enabled: Allow users to add exceptions to allow mixed content, but user can change)