Understand security issues with Microsoft Edge DevTools

Open the Security panel

The Security panel is the main place in DevTools for inspecting the security of a page.

  1. Open DevTools.

  2. Choose the Security tab to open the Security tool.

    The Security panel

Common problems

Non-secure main origins

When the main origin of a page is not secure, the Security Overview says This page is not secure.

A non-secure page

This problem occurs when the URL that you visited was requested over HTTP. To make it secure you need to request it over HTTPS. For example, if you look at the URL in your address bar, it probably looks similar to http://example.com. To make it secure the URL should be https://example.com.

If you already set up HTTPS on your server, all you need to do to fix this problem is configure your server to redirect all HTTP requests to HTTPS.

If you have not set up HTTPS on your server, Let's Encrypt provides a free and relatively-easy way to start the process. Or, you may consider hosting your site on a CDN. Most major CDNs host sites on HTTPS by default now.

Tip

The Use HTTPS hint in webhint may help automate the process of making sure that all HTTP requests are directed to HTTPS.

Mixed content

Mixed content means that the main origin of a page is secure, but the page requested resources from non-secure origins. Mixed content pages are only partially protected because the HTTP content is accessible to sniffers and vulnerable to man-in-the-middle attacks.

Mixed content

In the previous figure, choose View 1 request in Network panel to open the Network tool and apply the mixed-content:displayed filter so that the Network Log only shows non-secure resources.

Mixed resources in the Network Log

View details

View main origin certificate

From the Security Overview, choose View certificate to quickly inspect the certificate for the main origin.

A main origin certificate

View origin details

Choose one of the entries in the left-hand nav to view the details of the origin. From the details page you are able to view connection and certificate information. Certificate transparency information is also shown when available.

Main origin details

Getting in touch with the Microsoft Edge DevTools team

Use the following options to discuss the new features and changes in the post, or anything else related to DevTools.

  • Send your feedback using the Send Feedback icon or select Alt+Shift+I (Windows, Linux) or Option+Shift+I (macOS) in DevTools.
  • Tweet at @EdgeDevTools.
  • Submit a suggestion to The Web We Want.
  • To file bugs about this article, use the following Feedback section.

The Send Feedback icon in the Microsoft Edge DevTools

Note

Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons Attribution 4.0 International License.
The original page is found here and is authored by Kayce Basques (Technical Writer, Chrome DevTools & Lighthouse).

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.