sfw/fix
CHROME_INTERSTITIAL_ERROR critical

Lighthouse error "CHROME_INTERSTITIAL_ERROR"

Chrome showed a full-page warning screen before the site loaded, so Lighthouse aborted instead of measuring anything.

What you see

Chrome prevented page load with an interstitial. (CHROME_INTERSTITIAL_ERROR)
Make sure you are testing the correct URL and that the server is properly responding to all requests.

What’s actually happening

The audit stops cold and reports an interstitial. This is the same red screen you'd see manually — "Your connection is not private" or a Safe Browsing "Deceptive site ahead" warning — except headless Chrome can't click through it. No metrics are produced because the real page never rendered.

Common causes

  • TLS certificate is expired, self-signed, or issued for the wrong hostname (NET::ERR_CERT_COMMON_NAME_INVALID), triggering the privacy warning
  • The certificate chain is incomplete — the server sends the leaf cert but omits the intermediate, which Chrome rejects even though some browsers patch it
  • Google Safe Browsing has flagged the domain for malware or phishing, so Chrome blocks it before load
  • HSTS is enforced but the cert is invalid — Chrome refuses to offer a click-through, hard-failing the audit
  • Mixed or broken HTTPS config after a recent cert renewal where the new cert wasn't installed correctly

How to fix it

  1. Check the certificate from the command lineecho | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -dates -subject. Confirm notAfter hasn't passed and the subject/SAN matches the audited hostname. An expired or mismatched cert is the most common trigger.
  2. Verify the full chain is servedRun the domain through ssllabs.com/ssltest. If it reports "chain issues — incomplete," your server is missing the intermediate cert. Reinstall the fullchain.pem (Let's Encrypt) or concatenate the CA bundle, not just the leaf certificate.
  3. Check Safe Browsing statusOpen Google's Safe Browsing site status page (transparencyreport.google.com/safe-browsing/search) and enter the domain. If it's flagged, find and remove the malware/injected content, then request a review in Search Console under Security Issues. The interstitial clears only after Google re-scans.
  4. Reissue or fix the cert for the exact hostnameIf the cert covers example.com but you audited www.example.com (or vice versa), issue a cert with both names in the SAN, or use a wildcard. Renew anything expired and restart the web server so it picks up the new file.
  5. Confirm the fix from a clean browser profileOpen the URL in an incognito window — interstitials don't get cached away there. If you reach the page without a warning, re-run Lighthouse. Headless Chrome sees exactly what that clean profile sees.

Stop it recurring

Monitor cert expiry (a uptime/SSL monitor that alerts ~14 days out) and serve the complete chain so renewals never lapse into a privacy warning.

Related errors

Lighthouse error "DNS_FAILURE": servers could not resolve domain

critical

Lighthouse's headless Chrome could not resolve the hostname to an IP, so the audit never loaded the page.

Lighthouse/PageSpeed error "NOT_HTML"

high

The URL returned a non-HTML content type, so Lighthouse refused to audit it as a web page.

Lighthouse returned error: NO_FCP

high

PageSpeed's test aborted because Chrome never detected a first contentful paint inside its 15-second load budget.

Largest Contentful Paint (LCP) too slow

high

The biggest element above the fold paints later than 2.5s, so the page feels slow to load and rankings suffer.