It is January 2025, and not every website supports post quantum cryptography (PQC) yet. Even if you have a modern web browser that supports PQC, if the website you are connected with does not support PQC, any secure web session with that site will not use PQC. This potentially exposes you to “store now decrypt later” attacks, where a malicious actor (like a cybercriminal or unfriendly nation state) can capture your encrypted, and otherwise secure, web session and decrypt it in the not-too-distant future.
How can you tell if the website you are connected to has used PQC in your secure web session?
If you are a non-technical user, like most people who use the Internet, you can use a browser extension like the Quantum Safety add-on for Firefox. However, due to current technical limitations, this type of browser extension cannot be made for browsers like Chrome. Note that Safari doesn’t currently support PQC.
This article will explain for technical users how they can use web developer features in Firefox or Chrome browsers to see the PQC support of any website that they are connected to. In this way, you can be more comfortable in knowing that your sensitive information is protected from store now decrypt later attacks.
How to use Firefox to see PQC support of a website
Note that the following instructions relate to Firefox v134.0 and the screenshots may look slightly different on other versions of the browser.
First, open the Firefox settings menu by clicking the hamburger button.

Under the “More tools” menu open, select “Web Developer Tools”.

This will add the Web Developer Tools to the bottom of the current tab. Other browser tabs will be unaffected.
Click on the Network panel within the tools.

Now you can open a website in this tab to check whether it will use PQC with your browser. I have used https://pq.cloudflareresearch.com/ as it is specifically for testing PQC support. If the page doesn’t state that you are “post-quantum secure”, your browser doesn’t support PQC, so you will need to change or update your browser.
Click on a component of the website, such as the main page in the first entry. You may need to adjust the size of the top part of the tools, and scroll up to find the component you want. A set of panels will appear on the right hand side, beginning with Headers and Cookies tabs.

Finally, click on the Security tab. It will show the “Key Exchange Group” where any PQC algorithm used is listed.

In this case, it shows “mlkem768x25519” which is a PQC algorithm, specifically a hybrid algorithm using ML-KEM of dimension 768 and the Elliptic Curve algorithm based on curve 25519. In general, if you see “mlkem” somewhere in this string, it will be a PQC algorithm, and if you don’t, it isn’t. Currently, ML-KEM (Module Lattice Key Encapsulation Mechanism) is the only NIST-standardised PQC algorithm used to secure TLS or QUIC.
How to use Chrome to see PQC support of a website
Note that the following instructions relate to Google Chrome v132.0 and the screenshots may look slightly different on other versions of the browser.
First, open the Chrome settings menu, and under the “More Tools” menu, select “Developer Tools”.

This will add the Developer Tools to the side of the current tab. Other browser tabs will be unaffected.
Click on the “>>” symbol along the list of panels, and select the Security panel.

Now you can open a website in this tab to check whether it will use PQC with your browser. I have used https://pq.cloudflareresearch.com/ as it is specifically for testing PQC support. If the page doesn’t state that you are “post-quantum secure”, your browser doesn’t support PQC, so you will need to change or update your browser.
An overview of the security of the website will be shown in the Security panel.

Under Connection, it lists “X25519MLKEM768” as one of the algorithms used to secure the connection to the web site. This refers to a hybrid algorithm using the Elliptic Curve algorithm based on curve 25519 and ML-KEM of dimension 768. In general, if you see “mlkem” somewhere in this string, it will be a PQC algorithm, and if you don’t, it isn’t. Currently, ML-KEM (Module Lattice Key Encapsulation Mechanism) is the only NIST-standardised PQC algorithm used to secure TLS or QUIC.
You can also click on specific components of the website, e.g. under “Main origin” or “Secure origins” to get more granular details.

The PQC algorithm, if one is used, will be shown next to “Key exchange”.