Security: Understand security issues

Use the Security Panel in Chrome DevTools to make sure HTTPS is properly implemented on a page. See Why HTTPS Matters to learn why every website should be protected with HTTPS, even sites that don't handle sensitive user data.

Open the Security panel

The Security panel is the main place in DevTools for inspecting the security of a page.

  1. Open DevTools.

  2. Click the Security tab to open the Security panel.

    Figure 1. The Security panel

Common problems

Non-secure main origins

When the main origin of a page is not secure, the Security Overview says This page is not secure.

Figure 2. A non-secure page

This problem occurs when the URL that you visited was requested over HTTP. To make it secure you need to request it over HTTPS. For example, if you look at the URL in your address bar, it probably looks similar to http://example.com. To make it secure the URL should be https://example.com.

If you've already got HTTPS set up on your server, all you need to do to fix this problem is configure your server to redirect all HTTP requests to HTTPS.

If you don't have HTTPS set up on your server, Let's Encrypt provides a free and relatively easy way to start the process. Alternatively, consider hosting your site on a CDN. Most major CDNs now host sites on HTTPS by default.

Tip: The Redirect HTTP Traffic To HTTPS audit in Lighthouse can help automate the process of making sure that all HTTP requests are redirected to HTTPS.

Mixed content

Mixed content means that the main origin of a page is secure, but the page requested resources from non-secure origins. Mixed content pages are only partially protected because the HTTP content is accessible to sniffers and vulnerable to man-in-the-middle attacks.

Figure 3. Mixed content

In Figure 3 above, clicking View 1 request in Network panel opens the Network panel and applies the mixed-content:displayed filter so that the Network Log only shows non-secure resources.

Figure 4. Mixed resources in the Network Log
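
The same check can be run against markup before it ships. The following is an added example, not code from the original page or from DevTools: it resolves each subresource URL against an HTTPS page URL and reports those that end up on plain HTTP. The function name findMixedContent, the sample markup and the regex-based tag scan (a simplification, not a full HTML parser) are assumptions made for illustration.

```javascript
// Added example: list the subresources an HTTPS page would request over HTTP.
// Elements whose URL attribute triggers a fetch when the page loads.
// <a href> is navigation, not a subresource, so it is deliberately absent.
const URL_ATTR = { img: 'src', audio: 'src', video: 'src', source: 'src',
                   script: 'src', iframe: 'src', link: 'href' };
// Usual passive/active split: images and media only display content,
// while scripts, frames and stylesheets can change the rest of the page.
const PASSIVE = new Set(['img', 'audio', 'video', 'source']);

function findMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  // A page served over HTTP is a non-secure main origin, not mixed content.
  if (page.protocol !== 'https:') return [];
  const findings = [];
  const tagRe = /<(img|audio|video|source|script|iframe|link)\b([^>]*)>/gi;
  for (const [, rawTag, attrs] of html.matchAll(tagRe)) {
    const tag = rawTag.toLowerCase();
    const attrRe = new RegExp(`(?:^|\\s)${URL_ATTR[tag]}\\s*=\\s*["']([^"']+)["']`, 'i');
    const m = attrs.match(attrRe);
    if (!m) continue;
    let resolved;
    // Relative and protocol-relative (//host/path) URLs inherit the page scheme.
    try { resolved = new URL(m[1], page); } catch { continue; }
    if (resolved.protocol === 'http:') {
      findings.push({ tag, url: resolved.href, kind: PASSIVE.has(tag) ? 'passive' : 'active' });
    }
  }
  return findings;
}

// Constructed sample markup (hypothetical hosts under example.com).
const SAMPLE_HTML = `
<link rel="stylesheet" href="/site.css">
<script src="//cdn.example.com/lib.js"></script>
<script src="http://cdn.example.com/legacy.js"></script>
<img alt="logo" src="http://images.example.com/logo.png">
<img src="https://images.example.com/ok.png">
<a href="http://example.com/old-page">old page</a>
`;

console.log(findMixedContent('https://example.com/', SAMPLE_HTML));
```

Only the two absolute http:// subresources are reported; the relative stylesheet, the protocol-relative script and the plain link are not.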

View details

View main origin certificate

From the Security Overview click View certificate to quickly inspect the main origin's certificate.

Figure 5. A main origin certificate

View origin details

Click one of the entries in the left-hand nav to view the origin's details. From the details page you can view connection and certificate information. Certificate transparency information is also shown when available.

Figure 6. Main origin details
