High-risk tools in Chrome Devtools
8 of the 29 tools in Chrome Devtools are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
emulateExecuteEmulates various features on the selected page.
-
lighthouse_auditExecuteGet Lighthouse score and reports for accessibility, SEO, best practices, and agentic browsing. This excludes performance. For performance audits, run performance_start_trace
-
navigate_pageExecuteGo to a URL, or back, forward, or reload. Use project URL if not specified otherwise.
-
new_pageExecuteOpen a new tab and load a URL. Use project URL if not specified otherwise.
-
performance_analyze_insightExecuteProvides more detailed information on a specific Performance Insight of an insight set that was highlighted in the results of a trace recording.
-
performance_start_traceExecuteStart a performance trace on the selected webpage. Use to find frontend performance issues, Core Web Vitals (LCP, INP, CLS), and improve page load speed.
-
performance_stop_traceExecuteStop the active performance trace recording on the selected webpage.
-
wait_forExecuteWait for the specified text to appear on the selected page.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.