The secureConnectionStart
read-only property returns a timestamp
immediately before the browser starts the handshake process to secure the current connection. If a secure connection is not used, the property returns zero.
The secureConnectionStart
read-only property returns a timestamp
immediately before the browser starts the handshake process to secure the current connection. If a secure connection is not used, the property returns zero.
The secureConnectionStart
property can have the following values:
DOMHighResTimeStamp
indicating the time immediately before the browser starts the handshake process to secure the current connection if the resource is fetched over a secure connection.0
if no secure connection is used.0
if the resource was instantaneously retrieved from a cache.0
if the resource is a cross-origin request and no Timing-Allow-Origin
HTTP response header is used.The secureConnectionStart
and requestStart
properties can be used to measure how long it takes for the TLS negotiation to happen.
js
const tls = entry.requestStart - entry.secureConnectionStart;
Example using a PerformanceObserver
, which notifies of new resource
performance entries as they are recorded in the browser's performance timeline. Use the buffered
option to access entries from before the observer creation.
js
const observer = new PerformanceObserver((list) => { list.getEntries().forEach((entry) => { const tls = entry.requestStart - entry.secureConnectionStart; if (tls > 0) { console.log(`${entry.name}: TLS negotiation duration: ${tls}ms`); } }); }); observer.observe({ type: "resource", buffered: true });
Example using Performance.getEntriesByType()
, which only shows resource
performance entries present in the browser's performance timeline at the time you call this method:
js
const resources = performance.getEntriesByType("resource"); resources.forEach((entry) => { const tls = entry.requestStart - entry.secureConnectionStart; if (tls > 0) { console.log(`${entry.name}: TLS negotiation duration: ${tls}ms`); } });
If the value of the secureConnectionStart
property is 0
, the resource is either not using a secure connection or it is a cross-origin request. To allow seeing cross-origin timing information, the Timing-Allow-Origin
HTTP response header needs to be set.
For example, to allow https://developer.mozilla.org
to see timing resources, the cross-origin resource should send:
http
Timing-Allow-Origin: https://developer.mozilla.org
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
secureConnectionStart |
43 | 18 | 31 | No | 30 | 11 | 43 | 43 | 31 | 30 | 11 | 4.0 |
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming/secureConnectionStart