javascript - Can a page detect when user has loaded it insecurely - Stack Overflow

admin管理员组

文章数量:1396828

Is there any way on an HTTPS page to detect (via javascript) whether the user has loaded the page despite SSL certificate problems?

Normally browsers make users click through several exception warnings and turn the address bar red, but in some contexts users may ignore this, and as an author of an application, I'd like to place additional in-application warnings to warn users against doing this. It would also be useful to be able to log such events.

Is there any way on an HTTPS page to detect (via javascript) whether the user has loaded the page despite SSL certificate problems?

Normally browsers make users click through several exception warnings and turn the address bar red, but in some contexts users may ignore this, and as an author of an application, I'd like to place additional in-application warnings to warn users against doing this. It would also be useful to be able to log such events.

• javascript
• ssl

Share Improve this question Follow asked Aug 1, 2014 at 13:32 Fabio BeltraminiFabio Beltramini 2,51111 gold badge1818 silver badges2525 bronze badges 7

• In what context can user ignore it? – Nebril Commented Aug 1, 2014 at 13:38
• support.mozilla/en-US/questions/923494 – Pankaj Sharma Commented Aug 1, 2014 at 13:40
• I don't think this information is exposed to javascript at this time: stackoverflow./questions/2604399/… – some Commented Aug 1, 2014 at 14:00
• @Nebril It depends on the browser vendor and version, but I know I sometimes do it in Firefox (it required clicking through 3 screens of browser warnings, but a generic warning is never going to be as effective as one specific to the page) – Fabio Beltramini Commented Aug 1, 2014 at 17:01
• 1 This es very close... stackoverflow./questions/4129496/… – Fabio Beltramini Commented Aug 1, 2014 at 20:41

 |  Show 2 more ments

3 Answers 3

Sorted by: Reset to default 6

The short answer it that you can't.

The reason for this is that if you could it could raise some security issues.
The SSL validation is done by 3rd party ponents in the browsers and you don't have and way of "asking" the browser for the status.

For example in Chrome

The implementation itself is part of the browser code and not part of the V8 engine which is the JavaScript engine used by Chrome

So the answer is No, you can't tell if the connection is secured or not.

The only thing you can know with JavaScript is the protocol and not more than that.

The Javascript in your browser doesn't have function to do this. You need to use an another language to get it.

Alternative 1 :

You can use an ajax request to get SSL info, with extern API like How's My SSL? or with your own PHP page with JSON response.

Alternative 2 :

Or you can print SSL info (last link) with php in your page, in js variable.

See :

• Can "Show Insecure Content" Browser Prompt Be Detected?
• How's My SSL?
• How to get SSL certificate info with CURL in PHP?
• Firefox has SSleuth addon (javascript) that ranks an established SSL/TLS connection to estimate the connection strength. It also gives a brief summary of the important SSL/TLS connection parameters.

Have you considered using online tools that analyze a site and provide a status? Something like https://www.jitbit./sslcheck/ might work.

本文标签： javascriptCan a page detect when user has loaded it insecurelyStack Overflow