Understand security issues using the Security tool
Use the Security panel to inspect the security of a page.
To open DevTools, right-click a webpage, and then select Inspect. Or, press
Ctrl
+Shift
+I
(Windows, Linux) orCommand
+Option
+I
(macOS). DevTools opens.In DevTools, on the main toolbar, click the Security tab. If that tab isn't visible, click the More tabs (
) button, or else the More Tools (
) button.
The Security tool (or panel) opens:
Common problems
Non-secure main origins
When the main origin of a page isn't secure, the Security Overview says This page is not secure.
This problem occurs when the URL that you visited was requested over HTTP. To make it secure you need to request it over HTTPS. For example, if you look at the URL in your address bar, it probably looks similar to http://example.com
. To make it secure the URL should be https://example.com
.
If you already set up HTTPS on your server, all you need to do to fix this problem is configure your server to redirect all HTTP requests to HTTPS.
If you haven't set up HTTPS on your server, Let's Encrypt provides a free and relatively easy way to start the process. Or, you might consider hosting your site on a CDN. Most major CDNs host sites on HTTPS by default now.
Tip
The Use HTTPS hint in webhint can help automate the process of making sure that all HTTP requests are directed to HTTPS.
Mixed content
Mixed content means that the main origin of a page is secure, but the page requested resources from non-secure origins. Mixed content pages are only partially protected because the HTTP content is accessible to sniffers and vulnerable to man-in-the-middle attacks.
In the previous figure, select View 1 request in Network panel to open the Network tool and apply the mixed-content:displayed
filter so that the Network Log only shows non-secure resources.
View details
View main origin certificate
From the Security Overview, click View certificate to quickly inspect the certificate for the main origin.
View origin details
Click one of the entries in the left-hand nav to view the details of the origin. From the details page you can view connection and certificate information. Certificate transparency information is also shown when available.
Note
Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons Attribution 4.0 International License. The original page is found here and is authored by Kayce Basques (Technical Writer, Chrome DevTools & Lighthouse).
This work is licensed under a Creative Commons Attribution 4.0 International License.
Feedback
Submit and view feedback for