# Contact emails
# Spec
# Summary
In order to give authors assurance that mixed content will never degrade the security UI presented to their users, authors may choose to enable a stricter variant of mixed content checking which will both block optionally-blockable and blockable mixed content, and suppress the user override options.
# Motivation
User agents generally allow "optionally blockable" mixed content (like images and media files) to load, but degrade the security UI of the site in order to show users that the guarantees of HTTPS aren't being completely upheld by a particular site. Web developers have the ability to ensure that their own sites don't load mixed content, but it can be difficult to ensure the same holds true for third-party content loaded in via frames.
The `block-all-mixed-content` CSP directive allows a site to assert that mixed content should never be loaded in its context, and provides assurance that third-party content can't break the promises the developer wishes to make.
#Compatibility RiskFirefox: I didn't find a bug, but Mozillians were supportive of publishing the spec as CR, so I assume they intend to implement this flag. CCing Tanvi for clarity.
Internet Explorer: No public signals (but they also supported publishing the spec as CR).
Safari: Safari doesn't block any kind of mixed content, which is a shame.
Web developers: No public signals I can point to, but at least one Google property has expressed interest in offering this directive to its users as an option.
# Describe the degree of compatibility risk you believe this change poses
Low. The feature is part of the Mixed Content spec, which has advanced to candidate recommendation with broad support in the WebAppSec working group. Browsers that don't support the directive won't break; they simply will continue to block only "blockable" mixed content, as they do in the status quo.
# Ongoing technical constraints
None
# Will this feature be supported on all six Blink platforms
Yes
# OWP launch tracking bug
# Requesting approval to ship?
Yes
Thanks!
-mike