Chrome DevTools Protocol

Methods

Security.disable

Disables tracking security state changes.

Security.enable

Enables tracking security state changes.

Security.handleCertificateError Deprecated

Handles a certificate error that fired a certificateError event.

parameters
eventId
integer

The ID of the event.

action
CertificateErrorAction

The action to take on the certificate error.

Security.setOverrideCertificateErrors Deprecated

Enable/disable overriding certificate errors. If enabled, all certificate error events need to be handled by the DevTools client and should be answered with handleCertificateError commands.

parameters
override
boolean

If true, certificate errors will be overridden.

Security.setIgnoreCertificateErrors Experimental

Enable/disable whether all certificate errors should be ignored.

parameters
ignore
boolean

If true, all certificate errors will be ignored.

Events

Security.securityStateChanged

The security state of the page changed.

parameters
securityState
SecurityState

Security state.

schemeIsCryptographic
boolean

True if the page was loaded over cryptographic transport such as HTTPS.

Deprecated
explanations
array[ SecurityStateExplanation ]

List of explanations for the security state. If the overall security state is insecure or warning, at least one corresponding explanation should be included.

insecureContentStatus
InsecureContentStatus

Information about insecure content on the page.

Deprecated
summary
string

Overrides user-visible description of the state.

Security.certificateError Deprecated

There is a certificate error. If overriding certificate errors is enabled, then it should be handled with the handleCertificateError command. Note: this event does not fire if the certificate error has been allowed internally. Only one client per target should override certificate errors at the same time.

parameters
eventId
integer

The ID of the event.

errorType
string

The type of the error.

requestURL
string

The url that was requested.

Security.visibleSecurityStateChanged Experimental

The security state of the page changed.

parameters
visibleSecurityState
VisibleSecurityState

Security state information about the page.

Types

Security.CertificateErrorAction

The action to take when a certificate error occurs. continue will continue processing the request and cancel will cancel the request.

Allowed Values: continue, cancel

Type: string

Security.CertificateId

An internal certificate ID value.

Type: integer

Security.MixedContentType

A description of mixed content (HTTP resources on HTTPS pages), as defined by https://www.w3.org/TR/mixed-content/#categories

Allowed Values: blockable, optionally-blockable, none

Type: string

Security.SecurityState

The security level of a page or resource.

Allowed Values: unknown, neutral, insecure, secure, info, insecure-broken

Type: string

Security.SecurityStateExplanation

An explanation of an factor contributing to the security state.

Type: object

properties
securityState
SecurityState

Security state representing the severity of the factor being explained.

title
string

Title describing the type of factor.

summary
string

Short phrase describing the type of factor.

description
string

Full text explanation of the factor.

mixedContentType
MixedContentType

The type of mixed content described by the explanation.

certificate
array[ string ]

Page certificate.

recommendations
array[ string ]

Recommendations to fix any issues.

Security.InsecureContentStatus Deprecated

Information about insecure content on the page.

Type: object

properties
ranMixedContent
boolean

Always false.

displayedMixedContent
boolean

Always false.

containedMixedForm
boolean

Always false.

ranContentWithCertErrors
boolean

Always false.

displayedContentWithCertErrors
boolean

Always false.

ranInsecureContentStyle
SecurityState

Always set to unknown.

displayedInsecureContentStyle
SecurityState

Always set to unknown.

Security.CertificateSecurityState Experimental

Details about the security state of the page certificate.

Type: object

properties
protocol
string

Protocol name (e.g. "TLS 1.2" or "QUIC").

keyExchange
string

Key Exchange used by the connection, or the empty string if not applicable.

keyExchangeGroup
string

(EC)DH group used by the connection, if applicable.

cipher
string

Cipher name.

mac
string

TLS MAC. Note that AEAD ciphers do not have separate MACs.

certificate
array[ string ]

Page certificate.

subjectName
string

Certificate subject name.

issuer
string

Name of the issuing CA.

validFrom
Network.TimeSinceEpoch

Certificate valid from date.

validTo
Network.TimeSinceEpoch

Certificate valid to (expiration) date

certificateNetworkError
string

The highest priority network error code, if the certificate has an error.

certificateHasWeakSignature
boolean

True if the certificate uses a weak signature aglorithm.

certificateHasSha1Signature
boolean

True if the certificate has a SHA1 signature in the chain.

modernSSL
boolean

True if modern SSL

obsoleteSslProtocol
boolean

True if the connection is using an obsolete SSL protocol.

obsoleteSslKeyExchange
boolean

True if the connection is using an obsolete SSL key exchange.

obsoleteSslCipher
boolean

True if the connection is using an obsolete SSL cipher.

obsoleteSslSignature
boolean

True if the connection is using an obsolete SSL signature.

Security.SafetyTipInfo Experimental

Type: object

properties
safetyTipStatus
SafetyTipStatus

Describes whether the page triggers any safety tips or reputation warnings. Default is unknown.

safeUrl
string

The URL the safety tip suggested ("Did you mean?"). Only filled in for lookalike matches.

Security.SafetyTipStatus Experimental

Allowed Values: badReputation, lookalike

Type: string

Security.VisibleSecurityState Experimental

Security state information about the page.

Type: object

properties
securityState
SecurityState

The security level of the page.

certificateSecurityState
CertificateSecurityState

Security state details about the page certificate.

safetyTipInfo
SafetyTipInfo

The type of Safety Tip triggered on the page. Note that this field will be set even if the Safety Tip UI was not actually shown.

securityStateIssueIds
array[ string ]

Array of security state issues ids.