Compare Revisions

secure https padlock lock grey

Firefox uses a padlock icon next to a website's URL to let you know your connection is encrypted. Click on the icon for more information.

<!-- This article was rewritten in two sections, one {for not fx42} and another {for fx42}. This was then redone in two parts (above the TOC and below the TOC) since the TOC cannot be inserted more than once. --> {for not fx42} The Site Identity button is a Firefox security feature that gives you more information about the sites you visit. You can quickly find out if the website you are viewing is encrypted, if it is verified, who owns the website, and who verified it. This should help you avoid malicious websites that are trying to obtain your personal information. The Site Identity button is in the Location bar to the left of the web address. {for win,mac}[[Image:site identity]]{/for}{for linux}[[Image:site identity fx39 Linux en]]{/for} When viewing a website, the Site Identity button will be one of five icons - a gray globe, a gray warning triangle, an orange warning triangle, a gray padlock, or a green padlock. Clicking on these icons will display identity and security information about the website. [[Image:identity icons toc order]] <!-- Sept 2014 by Artist: the new image shows the icons in the same order as TOC and as described in the paragraph above --> Clicking on the {button More Information} button on the pop-up panel will show more details about the privacy and security settings of that site, such as certificate information, cookies and your saved password history. {/for} {for fx42} The Site Identity button appears in your address bar to communicate information about sites you visit. You can quickly find out if the website you are viewing is encrypted, if it is verified, who owns the website, and who verified it. This should help you avoid malicious websites that are trying to obtain your personal information. [[Image:site identity]] The Site Identity button is in the address bar to the left of the web address. When viewing a website, the Site Identity button will be one of five icons - a gray globe, a green padlock, a green padlock with a gray warning triangle, a gray padlock with a yellow warning triangle, or a gray padlock with a red strikethrough. Clicking the Site Identity button brings up the [[Control Center - manage site privacy and security controls | Control Center]], which allows you to view identity information about the site and change security settings. [[Image:http globe desktop]][[Image:green lock 42]][[Image:blocked secure 42]][[Image:orange triangle grey lock 42]][[Image:unblocked mixed content 42]] {/for} __TOC__ {for not fx42} = Gray globe = A gray globe indicates: *The website does not supply identity information. *The connection between Firefox and the website is not encrypted and should not be considered safe against eavesdropping. {for win,mac}[[Image:grey globe fx29]]{/for}{for linux}[[Image:grey globe fx39 Linux en]]{/for} Most websites will have the gray globe, because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections. {note}'''Note:''' If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should '''not''' be a gray globe icon.{/note} = Gray warning triangle = A gray warning triangle indicates: *The website does not supply identity information. *The connection between Firefox and the website is only partially encrypted, doesn't prevent eavesdropping and is not fully secure because it contains unencrypted elements (such as images, video or audio). Other people can view or modify these elements, but not the main webpage content (such as text). {for win,mac}[[Image:grey triangle]]{/for}{for linux}[[Image:grey triangle fx39 Linux en]]{/for} = Orange warning triangle = An orange warning triangle indicates: *The website does not supply identity information. *The connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. The website contains interactive content that isn't encrypted (such as scripts). Other people can view your information or modify the website's behavior. {for win,mac}[[Image:orange triangle fx29]]{/for}{for linux}[[Image:orange triangle fx39 Linux en]]{/for} It implies that you've previously allowed the mixed active content served over HTTPS to be loaded, displayed or executed for the website despite the risks. See [[Mixed content blocking in Firefox]]. Going to another website in the current tab and then going back or re-visiting the website in a new tab will block back certain HTTP requests to lower threats, change the icon to its previous state (a gray warning triangle for mixed passive content and gray or green padlock otherwise) and display the content mixer shield icon. For information about the mixed content block, see [[Mixed content blocking in Firefox]]. {note}'''Note:''' If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should '''not''' be an orange warning triangle icon.{/note} = Gray padlock = A gray padlock indicates: *The website's address has been verified. *The connection between Firefox and the website is encrypted to prevent eavesdropping. {for win,mac}[[Image:grey lock fx29]]{/for}{for linux}[[Image:grey lock fx39 Linux en]]{/for} When a domain has been verified, it means that the people who are running the site have bought a certificate proving that the domain is not being spoofed. For example, {for win,mac}Facebook{/for}{for linux}Wikimedia Foundation{/for} has this sort of certificate and an encrypted connection, so the Site Identity Button displays a gray padlock. When you click on the padlock, it tells you that you are actually connected to {for win,mac}facebook<!-- -->.com{/for}{for linux}wikipedia<!-- -->.org{/for} as certified by {for win,mac}VeriSign Inc.{/for}{for linux}GlobalSign nv-sa.{/for} It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your {for win,mac}Facebook{/for}{for linux}Wikipedia{/for} login information that way. However, it is not verified who actually owns the domain in question. There is no guarantee that {for win,mac}facebook<!-- -->.com{/for}{for linux}wikipedia<!-- -->.org{/for} is actually owned by {for win,mac}Facebook the company{/for}{for linux}Wikimedia Foundation{/for}. The only things that are guaranteed is that the domain is a valid domain, and that the connection to it is encrypted. = Green padlock = A green padlock indicates: *The website's address has been verified using an Extended Validation (EV) certificate. *The connection between Firefox and the website is encrypted to prevent eavesdropping. {for win,mac}[[Image:green lock fx29]]{/for}{for linux}[[Image:green lock fx39 Linux en]]{/for} A green padlock plus the name of the company or organization in green means this website is using an [https://en.wikipedia.org/wiki/Extended_Validation_Certificate Extended Validation (EV) certificate]. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While the gray padlock indicates that a site uses a secure connection, the green padlock indicates that the connection is secure ''and'' that the owners of the domain are who you would expect them to be. With the EV certificate, the Site Identity Button assures you that {for win,mac}paypal<!-- -->.com{/for}{for linux}mozilla<!-- -->.org{/for} is owned by {for win,mac}Paypal Inc.{/for}{for linux}Mozilla Foundation{/for}, for example. Not only does the padlock turn green on the {for win,mac}Paypal site{/for}{for linux}Mozilla official website{/for}, it also expands and displays the name of the owner in the button itself. {/for} {for fx42} =Gray globe= A gray globe indicates: *The website does not supply identity information. *The connection between Firefox and the website is not encrypted and should not be considered safe against eavesdropping or [http://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle attacks]. [[Image:globe url bar 42]] Most websites will have the gray globe, because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections. It applies to websites served over HTTP (not encrypted). '''Note:''' If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should not be a gray globe icon. =Green padlock= A green padlock (with or without an organization name) indicates that: *The website's address has been verified using a Domain-validated (DV) or Extended Validation (EV) certificate. *The connection between Firefox and the website is encrypted to prevent eavesdropping. [[Image:green lock address bar 42]] A green padlock indicates that the connection is secure and the website is using a [https://en.wikipedia.org/wiki/Domain-validated_certificate Domain-validated (DV) certificate]. A DV certificate indicates that the entity you're connecting with owns that domain based on the registry. A green padlock plus the name of the company or organization in green means this website is using an [https://en.wikipedia.org/wiki/Extended_Validation_Certificate Extended Validation (EV) certificate]. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While a green padlock (DV) indicates that your connection is safe against eavesdropping, a green padlock with the name of an organization (EV) means the website is owned by a real, legal entity. With the EV certificate, the Site Identity button assures you that paypal<!-- -->.com is owned by Paypal Inc., for example. Not only does the padlock turn green on the Paypal site, it also expands and displays the name of the owner in the button itself. =Green padlock with gray warning triangle= A green padlock with a gray warning triangle [[Image:blocked secure 42]] indicates that the site is secure because Firefox has blocked insecure content. See [[Mixed content blocking in Firefox]] for more information. =Gray padlock with yellow warning triangle= A gray padlock with a yellow warning triangle indicates: *The website does not supply identity information. *The connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. [[Image:grey lock yellow tri url bar 42]] For information about what "partially encrypted" means, see [[Mixed content blocking in Firefox]]. '''Note:''' If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity button should not have an orange warning triangle icon. =Gray padlock with red strikethrough= A gray padlock with red strikethrough indicates that: *The website supplies identity information. *The connection between Firefox and the website is only partially encrypted and doesn’t prevent against eavesdropping or [http://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle attacks]. [[Image:lock red strikethrough 42]] The page is only partially served over HTTPS and allows sensitive information to be passed back and forth over HTTP. Do not enter personal information on sites that show this icon. '''Note''': This icon will not appear unless you’ve deactivated [[Mixed content blocking in Firefox | mixed content blocking]]. {/for}