Chrome DevTools

Security Domain

Security

Methods

Events

Types

Methods

Chrome DevTools

Security.disable #

Disables tracking security state changes.

Chrome DevTools

Security.enable #

Enables tracking security state changes.

Chrome DevTools

Security.setIgnoreCertificateErrors #

Enable/disable whether all certificate errors should be ignored.

Parameters

ignore
boolean

If true, all certificate errors will be ignored.

Chrome DevTools

Security.handleCertificateError Deprecated#

Handles a certificate error that fired a certificateError event.

Parameters

eventId
integer

The ID of the event.

action
CertificateErrorAction

The action to take on the certificate error.

Chrome DevTools

Security.setOverrideCertificateErrors Deprecated#

Enable/disable overriding certificate errors. If enabled, all certificate error events need to be handled by the DevTools client and should be answered with handleCertificateError commands.

Parameters

override
boolean

If true, certificate errors will be overridden.

Events

Chrome DevTools

Security.certificateError Deprecated#

There is a certificate error. If overriding certificate errors is enabled, then it should be handled with the handleCertificateError command. Note: this event does not fire if the certificate error has been allowed internally. Only one client per target should override certificate errors at the same time.

Parameters

eventId
integer

The ID of the event.

errorType
string

The type of the error.

requestURL
string

The url that was requested.

Chrome DevTools

Security.securityStateChanged Deprecated#

The security state of the page changed. No longer being sent.

Parameters

securityState
SecurityState

Security state.

schemeIsCryptographic
boolean

True if the page was loaded over cryptographic transport such as HTTPS.

Deprecated
explanations
array[ SecurityStateExplanation ]

Previously a list of explanations for the security state. Now always empty.

Deprecated
insecureContentStatus
InsecureContentStatus

Information about insecure content on the page.

Deprecated
summary
Optional
string

Overrides user-visible description of the state. Always omitted.

Deprecated
Chrome DevTools

Security.visibleSecurityStateChanged Experimental#

The security state of the page changed.

Parameters

visibleSecurityState
VisibleSecurityState

Security state information about the page.

Types

Chrome DevTools

Security.CertificateErrorAction #

The action to take when a certificate error occurs. continue will continue processing the request and cancel will cancel the request.

Type: string

Allowed values: continue, cancel

Chrome DevTools

Security.CertificateId #

An internal certificate ID value.

Type: integer

Chrome DevTools

Security.MixedContentType #

A description of mixed content (HTTP resources on HTTPS pages), as defined by https://www.w3.org/TR/mixed-content/#categories

Type: string

Allowed values: blockable, optionally-blockable, none

Chrome DevTools

Security.SecurityState #

The security level of a page or resource.

Type: string

Allowed values: unknown, neutral, insecure, secure, info, insecure-broken

Chrome DevTools

Security.SecurityStateExplanation #

An explanation of an factor contributing to the security state.

Type: object

Properties

securityState
SecurityState

Security state representing the severity of the factor being explained.

title
string

Title describing the type of factor.

summary
string

Short phrase describing the type of factor.

description
string

Full text explanation of the factor.

mixedContentType
MixedContentType

The type of mixed content described by the explanation.

certificate
array[ string ]

Page certificate.

recommendations
Optional
array[ string ]

Recommendations to fix any issues.

Chrome DevTools

Security.InsecureContentStatus Deprecated#

Information about insecure content on the page.

Type: object

Properties

ranMixedContent
boolean

Always false.

displayedMixedContent
boolean

Always false.

containedMixedForm
boolean

Always false.

ranContentWithCertErrors
boolean

Always false.

displayedContentWithCertErrors
boolean

Always false.

ranInsecureContentStyle
SecurityState

Always set to unknown.

displayedInsecureContentStyle
SecurityState

Always set to unknown.

Chrome DevTools

Security.CertificateSecurityState Experimental#

Details about the security state of the page certificate.

Type: object

Properties

protocol
string

Protocol name (e.g. "TLS 1.2" or "QUIC").

keyExchange
string

Key Exchange used by the connection, or the empty string if not applicable.

keyExchangeGroup
Optional
string

(EC)DH group used by the connection, if applicable.

cipher
string

Cipher name.

mac
Optional
string

TLS MAC. Note that AEAD ciphers do not have separate MACs.

certificate
array[ string ]

Page certificate.

subjectName
string

Certificate subject name.

issuer
string

Name of the issuing CA.

validFrom
Network.TimeSinceEpoch

Certificate valid from date.

validTo
Network.TimeSinceEpoch

Certificate valid to (expiration) date

certificateNetworkError
Optional
string

The highest priority network error code, if the certificate has an error.

certificateHasWeakSignature
boolean

True if the certificate uses a weak signature algorithm.

certificateHasSha1Signature
boolean

True if the certificate has a SHA1 signature in the chain.

modernSSL
boolean

True if modern SSL

obsoleteSslProtocol
boolean

True if the connection is using an obsolete SSL protocol.

obsoleteSslKeyExchange
boolean

True if the connection is using an obsolete SSL key exchange.

obsoleteSslCipher
boolean

True if the connection is using an obsolete SSL cipher.

obsoleteSslSignature
boolean

True if the connection is using an obsolete SSL signature.

Chrome DevTools

Security.SafetyTipInfo Experimental#

Type: object

Properties

safetyTipStatus
SafetyTipStatus

Describes whether the page triggers any safety tips or reputation warnings. Default is unknown.

safeUrl
Optional
string

The URL the safety tip suggested ("Did you mean?"). Only filled in for lookalike matches.

Chrome DevTools

Security.SafetyTipStatus Experimental#

Type: string

Allowed values: badReputation, lookalike

Chrome DevTools

Security.VisibleSecurityState Experimental#

Security state information about the page.

Type: object

Properties

securityState
SecurityState

The security level of the page.

certificateSecurityState
Optional
CertificateSecurityState

Security state details about the page certificate.

safetyTipInfo
Optional
SafetyTipInfo

The type of Safety Tip triggered on the page. Note that this field will be set even if the Safety Tip UI was not actually shown.

securityStateIssueIds
array[ string ]

Array of security state issues ids.