[PretzelFisch]

That's not how I read it. The nonsecure download from a secure page is their starting point. The end goal is to block all unsecure downloads of high risk types.

[toomuchtodo]

Is it possible to disallow all non secure/https requests in Chrome?

[A2017U1]

The EFF's httpseverywhere extension works well, you need to set it to block if it can't upgrade the connection to tls

[Someone1234]

Great concept but the plugin is an absolute memory hog, and they've been unable to fix it.

They closed the old bug for no real reason:

https://github.com/EFForg/https-everywhere/issues/1775

Then let the new bug rot:

https://github.com/EFForg/https-everywhere/issues/12232

They've now started deleting new comments on the new bug. I'm just not using it anymore.

[sucrose]

The DuckDuckGo Privacy Essentials¹ extension is a great alternative that I switched to.

¹ https://chrome.google.com/webstore/detail/duckduckgo-privacy...

[Sahhaese]

The easiest way to do that is to use your OS provided firewall to block all outgoing HTTP requests from chrome and only allow HTTPS.

[gambler]

That's how I read it as well. Boiling the frogs.