A captive portal is a web page that a network presents to new users before granting full internet access. When you connect to public Wi-Fi in a hotel, airport, coffee shop, or hospital, the network operator intercepts your traffic and redirects you to a login or terms-acceptance page.
How Captive Portals Work
- Your device connects to the Wi-Fi network and receives an IP address via DHCP.
- Your device sends a "captive portal detection" probe (typically to a known URL like
connectivitycheck.gstatic.com). - The network's gateway intercepts this request and returns an HTTP redirect to the captive portal login page.
- Your device detects the redirect and shows a pop-up browser window with the portal.
- After you accept terms or log in, the gateway marks your MAC address as authorized and allows full internet traffic.
Why Captive Portals Exist
- Legal compliance: Logging who used the network (hotels, airports are sometimes legally required to do this)
- Revenue: Paid Wi-Fi that requires purchase of access
- Terms of service: Require acceptance before use
Security Risks of Captive Portals
Captive portals are inherently insecure. They intercept your traffic and can expose session cookies on HTTP connections. The portal itself may be on an unverified server. After passing the portal, you are on a shared public Wi-Fi network that carries risks. Use a VPN immediately after completing portal authentication. See: best VPN for public Wi-Fi.
People Also Ask
- Why is my Wi-Fi showing as a captive portal?
- Your device detected that the network is intercepting your traffic and requires authentication. This is normal for public Wi-Fi networks.
- How do I disable captive portal?
- You cannot disable captive portal detection in your OS - it is a security feature. You can disable captive portal detection for specific networks, but this means the portal window will not pop up automatically and you would need to navigate to it manually.
Related: Captive portal not showing on Mac | VPN blocking captive portal | VPN for public Wi-Fi