<!--
Copyright 2020 The Chromium Authors
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
-->
<!--
This file is used to generate a comprehensive list of Security histograms
along with a detailed description for each histogram.
For best practices on writing histogram descriptions, see
https://chromium.googlesource.com/chromium/src.git/+/HEAD/tools/metrics/histograms/README.md
Please follow the instructions in the OWNERS file in this directory to find a
reviewer. If no OWNERS file exists, please consider signing up at
go/reviewing-metrics (Googlers only), as all subdirectories are expected to
have an OWNERS file. As a last resort you can send the CL to
[email protected].
-->
<histogram-configuration>
<histograms>
<histogram name="Security.DataDecoder.Image.DecodingTime" units="ms"
expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged once for every invocation of `data_decoder::DecodeImage` and/or
`data_decoder::DecodeImageIsolated`. Logs the time that has elapsed while
decoding the image (typically this happens in the Utility process). The time
is recorded in all the cases (including empty input which don't require
actual image decoding).
</summary>
</histogram>
<histogram name="Security.DataDecoder.Image.Isolated.EndToEndTime" units="ms"
expires_after="2024-11-03">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged once for every invocation of `data_decoder::DecodeImageIsolated`.
Logs the time that has elapsed between 1) invocation of DecodeImageIsolated
and 2) calling the completion callback (both of these events happen in the
Browser process). The elapsed time covers A) spawning the utility process,
B) decoding the image, C) IPC overhead.
Note that there are 2 sets of similar metrics:
Security.DataDecoder.Image.Isolated. and
Security.DataDecoder.Image.Reusable. In the Isolated case a Utility process
is spawned for each image decoding operation and the ...End2End and
...ProcessOverhead metrics always include process spawning overhead. In the
Reusable case a Utility process may get reused when decoding a batch of
images, and the ...End2End and ...ProcessOverhead metrics may or may not
include process spawning overhead (the process will only need to be spawned
for the first image in a batch + after the process has been shut down due to
inactivity).
</summary>
</histogram>
<histogram name="Security.DataDecoder.Image.Isolated.ProcessOverhead"
units="ms" expires_after="2024-11-03">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged once for every invocation of `data_decoder::DecodeImageIsolated`.
Logs the overhead of using a separate process for decoding the images by
calculating the difference between ...Image.Isolated.EndToEndTime and the
...Image.DecodingTime metrics.
Note that there are 2 sets of similar metrics:
Security.DataDecoder.Image.Isolated. and
Security.DataDecoder.Image.Reusable. In the Isolated case a Utility process
is spawned for each image decoding operation and the ...End2End and
...ProcessOverhead metrics always include process spawning overhead. In the
Reusable case a Utility process may get reused when decoding a batch of
images, and the ...End2End and ...ProcessOverhead metrics may or may not
include process spawning overhead (the process will only need to be spawned
for the first image in a batch + after the process has been shut down due to
inactivity).
</summary>
</histogram>
<histogram name="Security.DataDecoder.Image.Reusable.EndToEndTime" units="ms"
expires_after="2024-11-03">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged once for every invocation of `data_decoder::DecodeImage`. Logs the
time that has elapsed between 1) invocation of DecodeImage and 2) calling
the completion callback (both of these events happen in the Browser
process). The elapsed time covers A) spawning the utility process (if
needed), B) decoding the image, C) IPC overhead.
Note that there are 2 sets of similar metrics:
Security.DataDecoder.Image.Isolated. and
Security.DataDecoder.Image.Reusable. In the Isolated case a Utility process
is spawned for each image decoding operation and the ...End2End and
...ProcessOverhead metrics always include process spawning overhead. In the
Reusable case a Utility process may get reused when decoding a batch of
images, and the ...End2End and ...ProcessOverhead metrics may or may not
include process spawning overhead (the process will only need to be spawned
for the first image in a batch + after the process has been shut down due to
inactivity).
</summary>
</histogram>
<histogram name="Security.DataDecoder.Image.Reusable.ProcessOverhead"
units="ms" expires_after="2024-11-03">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged once for every invocation of `data_decoder::DecodeImage`. Logs the
overhead of using a separate process for decoding the images by calculating
the difference between ...Image.Reusable.EndToEndTime and the
...Image.DecodingTime metrics.
Note that there are 2 sets of similar metrics:
Security.DataDecoder.Image.Isolated. and
Security.DataDecoder.Image.Reusable. In the Isolated case a Utility process
is spawned for each image decoding operation and the ...End2End and
...ProcessOverhead metrics always include process spawning overhead. In the
Reusable case a Utility process may get reused when decoding a batch of
images, and the ...End2End and ...ProcessOverhead metrics may or may not
include process spawning overhead (the process will only need to be spawned
for the first image in a batch + after the process has been shut down due to
inactivity).
</summary>
</histogram>
<histogram name="Security.DataDecoder.Json.DecodingTime" units="ms"
expires_after="2024-12-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged once for every invocation of `DataDecoder::ParseJson`. Logs the time
that has elapsed while decoding the input.
</summary>
</histogram>
<histogram name="Security.GwpAsan.Activated.{Allocator}.{Process}"
enum="Boolean" expires_after="2025-01-31">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Reports the activation state of {Allocator} GWP-ASan for {Process}. Reported
once when the memory system initializes.
</summary>
<token key="Allocator">
<variant name="Malloc"/>
<variant name="PartitionAlloc"/>
</token>
<token key="Process">
<variant name="Browser"/>
<variant name="Extension"/>
<variant name="Gpu"/>
<variant name="Ppapi"/>
<variant name="Renderer"/>
<variant name="Utility"/>
</token>
</histogram>
<histogram name="Security.GwpAsan.AllocatorOom.{Allocator}.{Process}"
units="allocations" expires_after="2025-01-31">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Reports how many allocations it took for {Allocator} GWP-ASan in {Process}
to hit OOM. Reported once when GWP-ASan fails to allocate
`GuardedPageAllocator::kOutOfMemoryCount` times in a row.
</summary>
<token key="Allocator">
<variant name="Malloc"/>
<variant name="PartitionAlloc"/>
</token>
<token key="Process">
<variant name="Browser"/>
<variant name="Extension"/>
<variant name="Gpu"/>
<variant name="Ppapi"/>
<variant name="Renderer"/>
<variant name="Utility"/>
</token>
</histogram>
<histogram name="Security.GwpAsan.CrashAnalysisResult.{Allocator}"
enum="GwpAsanCrashAnalysisResult" expires_after="2025-02-16">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Reports the GWP-ASan crash analysis result. That can either be a
determination that the crash was related to GWP-ASan, not related to
GWP-ASan, or an error making that determination. Recorded with every crash.
</summary>
<token key="Allocator">
<variant name="Malloc"/>
<variant name="PartitionAlloc"/>
</token>
</histogram>
<histogram name="Security.HttpsFirstMode.InterstitialReason"
enum="HttpsFirstModeInterstitialReason" expires_after="2025-02-09">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the reason why the HTTPS-First Mode interstitial was shown. Only one
reason is recorded per interstitial.
</summary>
</histogram>
<histogram name="Security.HttpsFirstMode.NavigationEvent"
enum="HttpsFirstModeNavigationEvent" expires_after="2025-02-09">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Events for navigations that are upgraded from HTTP to HTTPS by HTTPS-First
Mode. Recorded for eligible navigations (HTTP main frame navigations that
are not allowlisted), if the profile is opted in to HTTPS-First Mode.
</summary>
</histogram>
<histogram name="Security.HttpsFirstMode.SettingChanged" enum="BooleanEnabled"
expires_after="2024-12-08">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the HTTPS-First Mode preference state when it changes for a profile.
Recorded for regular profiles only (not for Incognito, Guest, or Sign-in
profiles).
</summary>
</histogram>
<histogram name="Security.HttpsFirstMode.SettingChanged2"
enum="HttpsFirstModeSetting" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the HTTPS-First Mode setting state when it changes for a profile.
Recorded for regular profiles only (not for Incognito, Guest, or Sign-in
profiles). Supersedes Security.HttpsFirstMode.SettingChanged after the
rollout of HTTPS-First Balanced Mode. Note: Compared to the original
Security.HttpsFirstMode.SettingChanged histogram, this is logged at the
point of the UI setting changing, rather than the underlying prefs updating.
This change was made to avoid double-counting now that the feature logic is
controlled by multiple prefs.
</summary>
</histogram>
<histogram name="Security.HttpsFirstMode.SettingEnabledAtStartup"
enum="BooleanEnabled" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether the HTTPS-First Mode preference is enabled at profile
startup. Recorded for regular profiles only (not for Incognito, Guest, or
Sign-in profiles).
</summary>
</histogram>
<histogram name="Security.HttpsFirstMode.SettingEnabledAtStartup2"
enum="HttpsFirstModeSetting" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the HTTPS-First Mode setting state at profile startup. Recorded for
regular profiles only (not for Incognito, Guest, or Sign-in profiles).
Supercedes Security.HttpsFirstMode.SettingEnabledAtStartup.
</summary>
</histogram>
<histogram
name="Security.HttpsFirstModeWithEngagementHeuristic.AccumulatedHostCount"
units="hostnames" expires_after="2024-12-08">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the accumulated number of host that have HFM enabled at some point
due to the site engagement heuristic. Includes hosts that have HTTP allowed.
Recorded at the time of navigation when HFM upgrades trigger.
</summary>
</histogram>
<histogram name="Security.HttpsFirstModeWithEngagementHeuristic.Duration"
units="seconds" expires_after="2024-12-08">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration a host has HFM enabled due to the site engagement
heuristic. Only recorded for hosts removed from the HFM list. Recorded at
the time of navigation when HFM upgrades trigger.
</summary>
</histogram>
<histogram name="Security.HttpsFirstModeWithEngagementHeuristic.HostCount"
units="hostnames" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the current number of host that have HFM enabled due to the site
engagement heuristic. Includes hosts that have HTTP allowed. Recorded at the
time of navigation when HFM upgrades trigger.
</summary>
</histogram>
<histogram
name="Security.HttpsFirstModeWithEngagementHeuristic.NavigationEvent"
enum="HttpsFirstModeNavigationEvent" expires_after="2025-02-09">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Same as Security.HttpsFirstMode.NavigationEvent but only recorded iff HFM is
disabled by the UI setting and enabled by the Site Engagement Heuristic
because the site's HTTPS score is high and HTTP score is low.
</summary>
</histogram>
<histogram name="Security.HttpsFirstModeWithEngagementHeuristic.State"
enum="SiteEngagementHeuristicState" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether the HTTPS-First Mode got enabled or disabled on a site due
to its HTTP and HTTPS site engagement scores. Only recorded if the enabled
state changes. Recorded even for sites allowlisted to load over HTTP.
</summary>
</histogram>
<histogram name="Security.JSONParser.ChromiumExtensionUsage"
enum="JsonParserExtension" expires_after="2025-01-12">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the usage of the base::JSONParser's non-RFC-8259-conforming
extensions when parsing JSON documents. This histogram is emitted each time
an instance of non-conforming syntax is detected in a document.
</summary>
</histogram>
<histogram name="Security.JSONParser.ParsingTime" units="microseconds"
expires_after="2025-01-12">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time spent actually parsing JSON, excluding any time spent on
IPC. This histogram is emitted for each parse of a JSON value, regardless of
the size or complexity of that JSON.
The metric is reported for only clients with high-resolution clocks (i.e.
excludes a small percentage of Windows users population - see the
Windows.HasHighResolutionTimeTicks metric). This is okay, because we are
mostly interested in comparing C++ vs Rust and it seems okay to assume that
such comparison would give similar results for the filtered and non-filtered
population.
Data for this metric is missing before M122.
</summary>
</histogram>
<histogram name="Security.NavigationRequestSecurityLevel"
enum="NavigationRequestSecurityLevel" expires_after="2025-02-09">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the security level (e.g. secure, not secure, etc.) of each HTTP
request, recording one histogram per fetch (i.e. including redirects).
Starting from M128, initial HTTP requests to captive portal login pages are
not upgraded and this exclusion is recorded in the "HTTP request to a
captive portal login page" bucket. Previously, these requests could
have been put under various buckets depending on the captive portal
configuration.
</summary>
</histogram>
<histogram base="true" name="Security.PageEndReason" enum="PageEndReason"
expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the reason the page visit ended (e.g., reload, tab closed, new
navigation, etc.) for page loads that committed.
</summary>
</histogram>
<histogram name="Security.PageInfo.AboutThisSiteInteraction"
enum="AboutThisSiteInteraction" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Tracks interactions with the AboutThisSite feature. Recorded when PageInfo
is opened and when the user interacts with the AboutThisSite row.
</summary>
</histogram>
<histogram name="Security.PageInfo.AboutThisSiteLanguageSupported"
enum="Boolean" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Tracks whether AboutThisSite is available for the user's application locale.
Recorded every time PageInfo is opened.
</summary>
</histogram>
<histogram name="Security.PageInfo.AboutThisSiteStatus"
enum="AboutThisSiteStatus" expires_after="2025-03-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Tracks status of AboutThisSite queries. Recorded every time PageInfo is
opened and information about a site is requested.
</summary>
</histogram>
<histogram name="Security.PageInfo.AdPersonalizationRowShown" enum="Boolean"
expires_after="2025-02-16">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Tracks whether the Ads Personalization section was shown. Recorded every
time PageInfo is opened.
</summary>
</histogram>
<histogram name="Security.PageInfo.Cookies.HasFPSInfo" enum="Boolean"
expires_after="M119">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Tracks whether the FPS section was shown in the Cookies subpage. Recorded
every time Cookie subpage from PageInfo is opened.
</summary>
</histogram>
<histogram name="Security.PageInfo.TimeOpen" units="ms"
expires_after="2023-11-12">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the amount of time the Page Info bubble is open before the user
closes it or takes an action which closes it.
</summary>
</histogram>
<histogram name="Security.PageInfo.TimeOpen.Action" units="ms"
expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the amount of time the Page Info bubble is open before the user
closes it, for cases where the user has performed an action inside it.
</summary>
</histogram>
<histogram name="Security.PageInfo.TimeOpen.NoAction" units="ms"
expires_after="2024-10-20">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the amount of time the Page Info bubble is open before the user
closes it, for cases where the user performed no action inside it.
</summary>
</histogram>
<histogram name="Security.PrivateNetworkAccess.CheckResult"
enum="PrivateNetworkAccessCheckResult" expires_after="2024-12-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>src/chrome/browser/private_network_access/OWNERS</owner>
<summary>
Result of the Private Network Access Check on a new connection. Recorded
once per call to network::URLLoader::OnConnected(), which may be more than
once per URL request.
</summary>
</histogram>
<histogram name="Security.PrivateNetworkAccess.PermissionDeviceValidity"
enum="PrivateNetworkDeviceValidity" expires_after="M128">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>src/chrome/browser/private_network_access/OWNERS</owner>
<summary>
The device validity when calling Private Network Permission Prompt. Recorded
once per call for Private Network Access device chooser, which may be more
than once per URL request.
</summary>
</histogram>
<histogram name="Security.PrivateNetworkAccess.PermissionNewAcceptedDeviceType"
enum="NewAcceptedDeviceType" expires_after="M128">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>src/chrome/browser/private_network_access/OWNERS</owner>
<summary>
The device type of a user accepted request to Private Network device. The
device is stored permenantly when it has valid name and ID. Otherwise, the
device is stored temporarily with IP address.
</summary>
</histogram>
<histogram name="Security.PrivateNetworkAccess.PrivateIpInferrable"
enum="Boolean" expires_after="2024-08-20">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>src/chrome/browser/private_network_access/OWNERS</owner>
<summary>
Records whether a failed PNA check could have been avoided by inferring the
request's target IP address space by recognizing that the request URL's host
is a literal private IP address. Recorded at most once per URL request.
</summary>
</histogram>
<histogram name="Security.PrivateNetworkAccess.PrivateIpResolveMatch"
enum="Boolean" expires_after="2024-09-16">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>src/chrome/browser/private_network_access/OWNERS</owner>
<summary>
Records whether a request to a literal private IP address resolved to that
private IP address. Recorded at most once per call to
`network::URLLoader::OnConnected()`, which may be more than once per URL
request.
</summary>
</histogram>
<histogram name="Security.SafetyTips.GetReputationStatusWithEngagedSitesTime"
units="ms" expires_after="2024-08-11">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time duration of a check for the reputation status of a site on
the main thread. Recorded on every check.
</summary>
</histogram>
<histogram name="Security.SafetyTips.Interaction" enum="SafetyTipInteraction"
expires_after="2023-06-18">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records a user's interaction with a Safety Tip. Recorded every time a user
uses one of the Safety Tip's buttons or dismisses it explicitly. Can be
normalized against Security.SafetyTips.SafetyTipShown, filtered to users
with the feature enabled to show the UI.
</summary>
</histogram>
<histogram name="Security.SafetyTips.SafetyTipIgnoredPageLoad"
enum="SafetyTipStatus" expires_after="2024-03-17">
<owner>[email protected]</owner>
<owner>src/chrome/browser/lookalikes/OWNERS</owner>
<summary>
Records the Safety Tip status of a page after navigation commit for a page
where the Safety Tip has previously been ignored.
Note: This histogram was expired from 2021-12-26 until 2023-01-19.
</summary>
</histogram>
<histogram name="Security.SafetyTips.SafetyTipShown" enum="SafetyTipStatus"
expires_after="2024-05-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the Safety Tip status of a page after navigation commit or page
visibility change.
</summary>
</histogram>
<histogram name="Security.Sandbox.LandlockState" enum="LandlockState"
expires_after="2025-04-16">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged when `ContentMainRunnerImpl::Initialize` is called from the browser
process.
Records the status of the Landlock LSM on the system, whether it is enabled,
available but disabled, not available, or undetermined.
</summary>
</histogram>
<histogram name="Security.SCTAuditing.NumPersistedReportsLoaded"
units="reports" expires_after="2024-05-19">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the number of persisted SCT auditing reports that were loaded and
deserialized from disk, if SCT auditing is enabled. Invalid persisted
reports are not counted. Recorded once shortly after browser startup (or
when the network service restarts).
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptIn.DedupeCacheHWM" units="reports"
expires_after="2023-01-15">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the high-water-mark of the number of entries in the SCT auditing
dedupe cache. Recorded on a timer hourly, if SCT auditing is enabled.
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptIn.ReportCompletionStatus"
enum="SCTAuditingReportCompletionStatus" expires_after="2024-06-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the final status of an SCT auditing report, when it has been
successfully received or it has run out of retries.
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptIn.ReportDeduplicated" enum="Boolean"
expires_after="2024-05-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether a report was deduplicated (i.e., the SCTs were already in
the cache) or not. Recorded on each new report seen by the SCT auditing
cache (i.e., on each connection using certificate transparency).
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptIn.ReportersHWM" units="reporters"
expires_after="2024-05-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the high-water-mark of the number of pending reporters in the SCT
auditing cache. Recorded on a timer hourly, if SCT auditing is enabled.
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptIn.ReportSampled" enum="Boolean"
expires_after="2024-05-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether a report was sampled to be sent to Safe Browsing. Recorded
for each new report seen by the SCT auditing cache that was not
deduplicated.
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptIn.ReportSize" units="bytes"
expires_after="2024-05-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the size of an SCT auditing report that will be sent to Safe
Browsing (i.e., was not deduplicated and was sampled).
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptIn.ReportSucceeded" enum="Boolean"
expires_after="2024-07-28">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether sending an SCT auditing report succeeded or not. This is
recorded after we receive the headers from the server (or we stop due to a
connection error).
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptOut.DroppedDueToLogNotFound"
enum="Boolean" expires_after="2024-05-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether a hashdance report was dropped due to not finding the log
metadata for the selected SCT. Recorded once when creating a new auditing
report, but before the report is sampled or deduplicated.
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptOut.LookupQueryResult"
enum="SCTLookupQueryResult" expires_after="2024-07-28">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the result of a hashdance lookup query. Recorded once per query
regardless of whether the query succeeded, failed, or is a retry.
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptOut.PopularSCTSkipped" enum="Boolean"
expires_after="2024-05-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether an SCT selected for a hashdance lookup query was skipped
because it was found on the Popular SCTs list. Recorded once when creating a
new auditing report, but before the report is sampled or deduplicated.
</summary>
</histogram>
<histogram name="Security.SCTAuditing.OptOut.ReportCount" units="reports"
expires_after="2024-05-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records how many full SCT auditing reports the client has sent (i.e., after
a successful hashdance lookup query resulting in kSCTSuffixNotFound). This
count is tracked per-client in a pref to limit how many full reports a
client can send. This metric is emitted every time this count is checked by
the SCT auditing code, after sampling is performed, and only once per report
(including across browser restarts). This metric is only emitted for SCT
auditing hashdance users.
</summary>
</histogram>
<histogram name="Security.SecurityLevel.DownloadStarted" enum="SecurityLevel"
expires_after="2023-11-12">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the security level of the page that initiated a download (rather
than the security state of the connection to the download URL itself). The
recorded security level is the level of the page the download was initiated
from, not that of the download URL. This histogram is not recorded for
downloads that are initiated in a new tab or window, as the security level
of the initiating page cannot be tracked.
</summary>
</histogram>
<histogram name="Security.SecurityLevel.FormSubmission" enum="SecurityLevel"
expires_after="2023-11-12">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the security level of a page when submitting a form. This histogram
is recorded whenever a form submission navigation begins. The recorded
security level is the level of the page the form was submitted from, not the
one that the form targets.
</summary>
</histogram>
<histogram name="Security.SecurityLevel.InsecureMainFrameFormSubmission"
enum="SecurityLevel" expires_after="2023-08-14">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the security level of a page when submitting a form on a top-frame
navigation with a non-cryptographic scheme. This histogram is recorded
whenever a form submission navigation begins. The recorded security level is
the level of the page the form was submitted from, not the one that the form
targets.
</summary>
</histogram>
<histogram name="Security.SecurityLevel.OnCommit" enum="SecurityLevel"
expires_after="2025-03-17">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the security level of a page at the time the navigation commits.
Note that the security level of a page can change after commit time, so this
histogram should often be compared against
Security.SecurityLevel.OnComplete.
</summary>
</histogram>
<histogram name="Security.SecurityLevel.OnComplete" enum="SecurityLevel"
expires_after="2025-03-14">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the security level of a page at the end of the page visit (i.e.,
navigating away from the page, reloading the page, clicking a link, closing
the tab, etc.). Note that this security level can be different than the
initial security level of the page, so this histogram should often be
compared against Security.SecuritLevel.OnCommit.
</summary>
</histogram>
<histogram base="true" name="Security.SiteEngagement" units="units"
expires_after="2023-11-12">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The final Site Engagement score (0 to 100) of a URL during a visit to a
page. Recorded when the user closes the page or initiates a new navigation.
</summary>
</histogram>
<histogram base="true" name="Security.TimeOnPage2" units="ms"
expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time spent on the page (the time that the page was in the
foreground from the start of the navigation to the page visit completing due
to a new navigation or the tab being closed). This aggregates all foreground
time over the entire visit (multiple times in the foreground are added
together).
</summary>
</histogram>
<histogram name="SiteIsolation.BrowsingInstance.MaxCountPerProcess"
units="units" expires_after="2025-05-18">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The maximum number of BrowsingInstances seen in a RenderProcessHost over its
lifetime. Recorded once when
ChildProcessImpl::SecurityState::~SecurityState() is invoked.
</summary>
</histogram>
<histogram name="SiteIsolation.BrowsingInstanceCount" units="units"
expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The count of all current BrowsingInstances. Recorded once per UMA ping.
</summary>
</histogram>
<histogram name="SiteIsolation.IsolatableSandboxedIframes" units="processes"
expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The number of sandboxed iframes that (i) are same-site (and therefore not
already process-isolated) and (ii) eligible to be process isolated if
SiteIsolationPolicy::AreIsolatedSandboxedIframesEnabled() is true. A
sandboxed iframe is eligible for process-isolation so long as it doesn't
have `allow-same-origin` among its sandbox permissions, and it isn't an
about:blank url. This metric measures the upper bound on the process
overhead of isolating sandboxed iframes, namely the case where every
sandboxed iframe is placed in its own process. Note that the computation of
this metric is independent of the current process model. Recorded once per
UMA ping.
</summary>
</histogram>
<histogram name="SiteIsolation.IsolatableSandboxedIframes.UniqueOrigins"
units="processes" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The number of unique origins among the sandboxed iframes reported in
SiteIsolation.IsolatableSandboxedIframes. Used to estimate the potential
process overhead if a per-origin process model is used for isolating the
sandboxed iframes instead of the (current) per-site process model. Note that
the computation of this metric is independent of the current process model.
Recorded once per UMA ping.
</summary>
</histogram>
<histogram name="SiteIsolation.IsolatableSandboxedIframes.UniqueSites"
units="processes" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The number of unique sites among the sandboxed iframes reported in
SiteIsolation.IsolatableSandboxedIframes. Note that the computation of this
metric is independent of the current process model. Recorded once per UMA
ping.
</summary>
</histogram>
<histogram name="SiteIsolation.IsPasswordFormSubmittedInDedicatedProcess"
enum="SiteIsolationIsDedicatedProcess" expires_after="2025-08-07">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logs whether or not a password form was submitted from a site-isolated
process that's dedicated to a single site. Recorded when a password form is
submitted.
</summary>
</histogram>
<histogram
name="SiteIsolation.NewProcessUsedForNavigationWhenSameSiteProcessExists"
enum="Boolean" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether a new process is used for navigation when there are other
same site process(es). Recorded for the outer-most main frame navigation
when navigation is committed (cross-origin redirects are not recorded).
</summary>
</histogram>
<histogram name="SiteIsolation.OutOfProcessIframes" units="oopifs"
expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The count of all out-of-process iframes. Recorded once per UMA ping.
</summary>
</histogram>
<histogram name="SiteIsolation.OutOfProcessInnerFrameTrees" units="frame trees"
expires_after="2025-07-21">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The count of all out-of-process inner frame trees. Recorded once per UMA
ping.
</summary>
</histogram>
<histogram
name="SiteIsolation.ProcessPerSiteWithMainFrameThreshold.BlockReason"
enum="ProcessPerSiteWithMainFrameThresholdBlockReason"
expires_after="2024-10-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The reason why process sharing is disallowed when
ProcessPerSiteUpToMainFrameThreshold feature is enabled. Recorded when
initializing a frame tree or getting a site instance for navigation.
</summary>
</histogram>
<histogram
name="SiteIsolation.ProcessPerSiteWithMainFrameThreshold.IsDevToolsUser"
enum="Boolean" expires_after="2024-10-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Whether any profile exists with devtools last opened time within 7 days and
ProcessPerSiteWithMainFrameThreshold feature will be opted out because of
this. This is logged once per browser process launch.
</summary>
</histogram>
<histogram name="SiteIsolation.ProxyCount" units="proxies"
expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The count of all RenderFrameProxyHosts. Recorded once per UMA ping.
</summary>
</histogram>
<histogram name="SiteIsolation.ProxyCountPerBrowsingInstance" units="units"
expires_after="2025-07-09">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The count of RenderFrameProxyHosts in each BrowsingInstance. Recorded each
UMA ping, once per BrowsingInstance.
</summary>
</histogram>
<histogram name="SiteIsolation.ReusePendingOrCommittedSite.CouldReuse2"
enum="ReusePendingOrCommittedSiteEnum" expires_after="2023-06-04">
<owner>[email protected]</owner>
<summary>
Whether SiteInstances with a ProcessReusePolicy of
REUSE_PENDING_OR_COMMITTED_SITE could reuse an existing RenderProcessHost or
they had to create a new one. True when they reused an existing process,
false when they created a new one.
(Was expired between M77 and M105 before moving on to V2.)
</summary>
</histogram>
<histogram
name="SiteIsolation.ReusePendingOrCommittedSite.TimeSinceReusableProcessDestroyed"
units="ms" expires_after="2024-04-28">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Recorded on navigations with a ProcessReusePolicy of
REUSE_PENDING_OR_COMMITTED_SITE (mostly subframe navigations). Measures the
time since a RenderProcessHost hosting the destination URL was last
destroyed, up to 10 seconds. If no host matching the destination was
recently destroyed, a sentinel value of 20 seconds is used.
</summary>
</histogram>
<histogram name="SiteIsolation.SavedOAuthSites.Size" units="origins"
expires_after="2025-02-23">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The number of currently saved sites that had been isolated due to OAuth.
This is only used by Site Isolation on Android. Recorded once on browser
startup.
</summary>
</histogram>
<histogram name="SiteIsolation.SavedUserTriggeredIsolatedOrigins.Size"
units="origins" expires_after="2025-02-16">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The number of currently saved user-triggered isolated sites. This includes
sites where the user has entered a password while using Site Isolation for
password sites (which is a currently active site isolation mode on Android).
Recorded once on browser startup.
</summary>
</histogram>
<histogram name="SiteIsolation.SavedWebTriggeredIsolatedOrigins.Size"
units="origins" expires_after="2025-02-16">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The number of currently saved web-triggered isolated sites. This includes
sites that were isolated due to Cross-Origin-Opener-Policy headers, which is
a heuristic used for site isolation on Android. Recorded once on browser
startup.
</summary>
</histogram>
<histogram name="SiteIsolation.SiteInstancesPerBrowsingInstance" units="units"
expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The count of SiteInstances in a single BrowsingInstance. Recorded each UMA
ping, once per BrowsingInstance.
</summary>
</histogram>
</histograms>
</histogram-configuration>
Codebase Browser
chromium