How does Chrome blocking mixed content affect Salesforce Marketing Cloud email deliverability?
Matthew Whittaker
Co-founder & CTO, Suped
Published 22 Apr 2025
Updated 15 Aug 2025
8 min read
The digital landscape is constantly evolving, and with it, the rules of email deliverability. One significant shift impacting how emails are displayed and perceived by recipients is the increasing crackdown on mixed content by web browsers like Chrome. Mixed content occurs when a secure HTTPS page attempts to load insecure HTTP resources. While this primarily targets websites, its implications for email marketing, especially for platforms like Salesforce Marketing Cloud (SFMC), are worth examining closely.
Many marketers using SFMC have expressed concerns about how Chrome's blocking of mixed content might affect their email deliverability, particularly regarding unsecured click tracking domains. While the direct impact on email deliverability for every campaign might not be immediate, it certainly influences how your emails are rendered, user trust, and ultimately, engagement. Understanding these nuances is crucial for maintaining a strong sender reputation and ensuring your messages reach the inbox effectively.
Understanding mixed content and its impact
Mixed content refers to a situation where an initial HTML page is loaded over a secure HTTPS connection, but other resources on that page (like images, videos, stylesheets, or scripts) are loaded over an insecure HTTP connection. Browsers identify these insecure elements and often warn users, or outright block the content, to protect against potential security risks such as passive eavesdropping or active attacks.
For email, mixed content typically involves images or external assets loaded into the email body. If your email contains an image hosted on an HTTP URL, while the email client itself is accessed via HTTPS (which is common for webmail clients like Outlook and Yahoo Mail), it creates a mixed content scenario. Salesforce has acknowledged these changes, particularly concerning images and links within their CMS and Experience Cloud, indicating a broader industry shift towards full encryption. You can read more about it in their documentation on Chrome blocking mixed content.
While email clients handle content differently than web browsers, the trend is clear. Modern email clients and Internet Service Providers (ISPs) increasingly favor secure connections to protect their users. An email with mixed content might not trigger a direct browser warning in the same way a website would, but it can still lead to a degraded user experience. Images might fail to load, or recipients might see security warnings within their email client, eroding trust in your brand and impacting how your emails are filtered.
Insecure content
HTTP images: Images embedded with HTTP URLs might be blocked or show broken links.
Tracking links: If click tracking domains use HTTP, it can appear less secure.
How mixed content manifests in email
While Chrome's primary focus is on browser-based content, the underlying principle extends to email. When an email is opened in a webmail client (accessed via a browser like Gmail, AOL, or Outlook.com), any insecure content within the email can still trigger warnings or display issues. For instance, Gmail and Outlook's web clients may flag mixed content, especially if the sender is not in the recipient's address book, impacting perceived trustworthiness. For more information, read this guide on if HTTPS/SSL improves email deliverability.
One key difference for emails is how major email providers handle images. Many email clients, including Gmail, Yahoo Mail, and AOL, proxy all images through their own servers, effectively converting them to HTTPS regardless of their original protocol. This means that even if you link to an HTTP image, it might be served securely to the recipient, mitigating some of the direct mixed content blocking concerns for images within these clients.
However, the situation with click tracking links is more nuanced. While the initial click on a tracking link might be handled by the backend system (and thus not directly subject to browser mixed content blocking at that immediate moment), the redirect that follows is often browser-dependent. If your tracking domain redirects to an unsecured HTTP page or uses HTTP for its tracking endpoints, it can still introduce vulnerabilities or trigger warnings further down the line, affecting the user experience and potentially contributing to a negative perception of your email's security. This is why Google's sender guidelines emphasize content integrity.
Email client
Image handling for HTTP images
Gmail
Proxies images through HTTPS, displaying them securely.
Outlook.com
Typically proxies images to HTTPS to ensure secure display.
Yahoo Mail
Also proxies images to HTTPS for secure loading.
Desktop clients (e.g., Apple Mail)
Behavior varies; some may block or warn more directly.
Mitigating mixed content issues in SFMC
To prevent mixed content issues in your Salesforce Marketing Cloud emails, it's essential to ensure all your email assets and associated domains use HTTPS. This includes images, links, and any other external resources. Salesforce has provided guidance on this, including updating insecure images and links across their platforms. For marketers, the core principle is to use secure connections wherever possible.
Start by auditing your SFMC setup. Check your Account Settings for a portfolio base URL that uses HTTPS. If you're using older landing pages, consider migrating them to CloudPages and verifying that all URLs within them are secure. When hand-coding emails or content, always double-check that image sources and hyperlinks begin with https://. Implementing secure links is a crucial part of boosting email deliverability rates.
For tracking domains, while SFMC's backend processes might handle the initial click, the industry is moving towards universal TLS. There's no longer a strong excuse for an Email Service Provider (ESP) not to wrap all endpoint links, including tracking links, in TLS. Ensuring your custom domains used for click tracking are also HTTPS-enabled is a proactive step that enhances security and mitigates potential future deliverability challenges. It's important to use HTTPS for email links and images.
Old approach
Unsecured assets: Using HTTP for images, CSS, or JavaScript within emails.
Potential warnings: Risk of email clients or browsers displaying mixed content warnings.
Degraded experience: Images may not load, impacting email appearance and user trust.
Recommended approach
Secure assets: Ensure all image, link, and content URLs are HTTPS.
Enhanced trust: Users see fully secure content, building confidence in your brand.
Improved deliverability: Fewer issues with content rendering can positively impact inbox placement.
Deliverability implications and best practices
The immediate, direct impact of Chrome blocking mixed content on email deliverability for Salesforce Marketing Cloud is often less severe than for websites. This is largely due to how email clients (especially webmail) handle images and the backend processing of tracking links. However, the indirect effects can still be significant. A recipient's browser experience with mixed content on landing pages, or even subtle warnings in some email clients, can influence their engagement and trust in your brand.
Ultimately, the push for HTTPS everywhere reflects a broader industry standard for security and user trust. Ensuring all your email content, including images and tracking links, is served over HTTPS demonstrates a commitment to security and professionalism. This alignment with modern security practices can contribute positively to your sender reputation and, by extension, your email deliverability. Consider how SSL is important for tracked links to improve deliverability.
Always use HTTPS for all images and links within your Salesforce Marketing Cloud emails.
Regularly audit your SFMC setup, including portfolio base URLs and CloudPages, to ensure they are fully HTTPS.
Prioritize securing your custom tracking domains with SSL/TLS certificates.
Educate your team on the importance of HTTPS in email content creation.
Common pitfalls
Relying solely on email client proxies to convert HTTP images to HTTPS, as this may not always apply.
Overlooking insecure HTTP redirects from click tracking links after the initial click.
Using hand-coded templates that hardcode HTTP URLs for assets or links.
Assuming that browser mixed content blocking on websites has no relevance to email content.
Expert tips
Implement a content security policy for your email domains where supported.
Utilize free SSL/TLS certificates (e.g., Let's Encrypt) to secure your domains cost-effectively.
Ensure your email authentication protocols (SPF, DKIM, DMARC) are correctly configured alongside HTTPS.
Perform regular email deliverability tests that include checking for mixed content issues.
Expert view
Expert from Email Geeks says that for click tracking links viewed in Chrome on webmail platforms, the backend platform actually loads the link, not the web browser. However, there's no excuse for ESPs not to use TLS for all endpoint links these days.
2023-11-10 - Email Geeks
Marketer view
Marketer from Email Geeks says that mixed content issues primarily involve images loading over HTTP, not HTTPS, and this does not impact links or click tracking in emails. They also note that Gmail, Yahoo, and AOL proxy all images over HTTPS, so issues typically won't be seen there or in Outlook.
2024-02-15 - Email Geeks
Final thoughts on secure email delivery
While Chrome's direct blocking of mixed content largely targets web pages, its ripple effects extend to how email content is perceived and rendered. For Salesforce Marketing Cloud users, this means a proactive approach to HTTPS adoption across all email assets is essential. Although major webmail clients often proxy HTTP images to HTTPS, relying on this isn't a long-term strategy for optimal deliverability and trust. Ensure all your images and especially your click tracking domains are fully secured with HTTPS. This helps reinforce your sender reputation and aligns with evolving internet security standards.
By consistently using secure protocols, you not only avoid potential display issues and user warnings but also build a more robust and trustworthy email program. This commitment to security translates into better user engagement and, ultimately, improved email deliverability for your Salesforce Marketing Cloud campaigns. For more insights into email authentication, read this simple guide to DMARC, SPF, and DKIM.
Chrome. Mixed content occurs when a secure HTTPS page attempts to load insecure HTTP resources. While this primarily targets websites, its implications for email marketing, especially for platforms like 
Salesforce Marketing Cloud (SFMC), are worth examining closely.
Outlook and 
Yahoo Mail), it creates a mixed content scenario. Salesforce has acknowledged these changes, particularly concerning images and links within their CMS and Experience Cloud, indicating a broader industry shift towards full encryption. You can read more about it in their documentation on Chrome blocking mixed content.
Gmail, 
AOL, or Outlook.com), any insecure content within the email can still trigger warnings or display issues. For instance, Gmail and Outlook's web clients may flag mixed content, especially if the sender is not in the recipient's address book, impacting perceived trustworthiness. For more information, read this guide on if HTTPS/SSL improves email deliverability.
