Chrome Security Panel
Chrome security panel displays security information about a current connection.
This information includes details on security level, SSL certificate details, mixed content, protocol, key exchange, cipher and more. It basically tells you just about anything you want to know about the connection from a security standpoint.
How to use the Security Panel
The security panel is part of chrome developers tools which is accessed when you right click on the page and choose “Inspect”.
After you click inspect, a window will appear with several options (this is called Chrome Devtools). Click on the security tab as shown below:
Once you click “security” you will see the security panel:
Useful information found in the panel for webmasters
You don’t need to be a security expert to get some interesting information from this panel, but at the same time, you can dig as deep as you want.
Here’s an overview of the details we can get:
Security level of a page
The overall security of the page is reported prominently.
This detail tells us who issued the certificate (in this case it was Let’s Encrypt).
Clicking the “View certificate” button will bring up a new window that has details about the certificate itself. This is where you would look for expiration dates, certificate details such as keys/policies, and the certificate path.
Protocol, Key Exchange, and Cipher – Connection details
The security panel identifies and scores the protocol, key exchange, and the cipher used to create the connection.
In the above case the details are:
Protocol used is TLS 1.2 (identified as strong)
Key exchange used is ECDHE_RSA with P-256 (identified as strong)
Cipher used is AES_128_GCM (identified as strong)
Mixed Content – Resource details
Page resources are reported on as well. All is good if they are loading from secure sources. If they are not, this is called mixed content and will lower the security of the page. The security panel will report the amount of mixed resources and will show you the resources that are being served from HTTP (rather than HTTPS).
See more of our HTTPS articles