Skip to content
About Blog Learn Explore Patterns Case studies

Check site security

Aug 16, 2018 — Updated Aug 16, 2018
Sam Dutton
Sam Dutton
TwitterGitHub

You won't be able to build a PWA without HTTPS.

Serving your site over HTTPS is fundamental for security, and many APIs won't work without it. If you need to justify implementation costs, find out why HTTPS matters.

If a site uses HTTP for any assets, users will be warned in the URL bar. Chrome displays a warning like the following.

Chrome 'not secure' warning
From Chrome 68, the address bar warns if not all assets use HTTPS

HTTPS should be implemented everywhere — not just, for example, on login or checkout pages. Any insecure page or asset can be a vector for attack, making your site a liability for your users and your business.

Site security is easy to check with Chrome DevTools Security panel. Keep a record of any problems.

The site in the following example is not secure, since some assets are served over HTTP.

Chrome DevTools Security panel
Chrome DevTools Security panel
Last updated: Aug 16, 2018 — Improve article
Share
subscribe

Contribute

  • File a bug
  • View source

Related content

  • developer.chrome.com
  • Chrome updates
  • Case studies
  • Podcasts
  • Shows

Connect

  • Twitter
  • YouTube
  • Google Developers
  • Chrome
  • Firebase
  • Google Cloud Platform
  • All products
  • Terms & Privacy
  • Community Guidelines

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies.