webRequest.SecurityInfo
An object describing the security properties of a particular web request. An object of this type is returned from the webRequest.getSecurityInfo()
API.
If the request is not secured using TLS, then this object will contain only the property state
, whose value will be "insecure"
.
Type
Values of this type are objects. They contain the following properties:
certificates
-
Array
ofCertificateInfo
. IfwebRequest.getSecurityInfo()
was called with thecertificateChain
option present and set totrue
, this will contain aCertificateInfo
object for every certificate in the chain, from the server certificate up to and including the trust root.Otherwise it will contain a single
CertificateInfo
object, for the server certificate. certificateTransparencyStatus
Optional-
String
. Indicates the Certificate Transparency status for the connection. This may take any one of the following values:- "not_applicable"
- "policy_compliant"
- "policy_not_enough_scts"
- "policy_not_diverse_scts"
cipherSuite
Optional-
String
. Cipher suite used for the connection, formatted as per the TLS specification: for example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". errorMessage
Optional-
String
. If there was a problem with the TLS handshake (for example, the certificate had expired, or a trusted root could not be found, or a certificate was revoked) thenstatus
will be "broken" and theerrorMessage
property will contain a string describing the error, taken from Firefox's internal list of error codes.Note though that at present you can only call
getSecurityInfo()
in theonHeaderReceived
listener, and theonHeaderReceived
event is not fired when the handshake fails. So in practice this will never be set. hsts
Optional-
Boolean
.true
if the host uses Strict Transport Security,false
otherwise. isDomainMismatch
Optional-
Boolean
.true
if the server's domain name does not match the domain name in its certificate,false
otherwise. isExtendedValidation
Optional-
Boolean
.true
if the server has an Extended Validation Certificate,false
otherwise. isNotValidAtThisTime
Optional-
Boolean
.true
if the current time falls outside the server certificate's validity period (i.e. the certificate has expired or is not yet valid),false
otherwise. isUntrusted
Optional-
Boolean
.true
if a chain back to a trusted root certificate could not be constructed,false
otherwise. keaGroupName
Optional-
String
. Ifstate
is "secure" this describes the key exchange algorithm used in this request. protocolVersion
Optional-
String
. Version of the TLS protocol used. One of:- "TLSv1"
- "TLSv1.1"
- "TLSv1.2"
- "TLSv1.3"
- "unknown" (if the version is not valid)
secretKeyLength
Optional-
Number
. The length of the secret key in bits. signatureSchemeName
Optional-
String
. Ifstate
is "secure" this describes the signature scheme used in this request. state
-
String
. State of the connection. One of:- "broken": the TLS handshake failed (for example, the certificate had expired)
- "insecure": the connection is not a TLS connection
- "secure": the connection is a secure TLS connection
- "weak": the connection is a TLS connection but is considered weak. You can examine
weaknessReasons
to find out the problem.
Note though that at present you can only call
getSecurityInfo()
in theonHeaderReceived
listener, and theonHeaderReceived
event is not fired when the handshake fails. So in practice this will never be set to "broke". usedDelegatedCredentials
Optional-
Boolean
.true
if the connection used Delegated Credentials,false
otherwise. usedEch
Optional-
Boolean
.true
if the connection used ECH (Encrypted Client Hello),false
otherwise. usedOcsp
Optional-
Boolean
.true
if the connection made an OCSP (Online Certificate Status Protocol) request,false
otherwise. usedPrivateDns
Optional-
Boolean
.true
if the connection made a private DNS lookup, such as with DoH (DNS over HTTPS),false
otherwise. weaknessReasons
Optional-
String
. Ifstate
is "weak", this indicates the reason. Currently this may contain only a single value "cipher", indicating that the negotiated cipher suite is considered weak.
Browser compatibility
BCD tables only load in the browser