How do I tell if my connection to a website is secure?

Firefox Firefox Last updated: 3 days ago 71% of users voted this helpful

When you visit a website, the Site Identity button (a padlock)Unified Trust Panel icon (a shield) appears in the address bar to the left of the web address. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website. This should help you avoid malicious websites that are trying to obtain your personal information.

Fx149UnifiedTrustAddressbar-SecureFx138AddressBarPadlock

When viewing a secure website, the Site Identity button will be a padlock Fx89Padlock. In a few cases, however, you may see a padlock with a warning triangle Fx89Padlock-Triangle or a padlock with a red strike over it Fx89Padlock-RedLine.

Clicking the shieldpadlock to the left of the address bar brings up the Site Information panel, which allows you to view more detailed information about the security status of the connection.
Warning: You should never send any sensitive information (such as bank information, credit card data or social security numbers) to a website if the address bar shows a padlock with a Fx89Padlock-Triangle warning triangle or Fx89Padlock-RedLine shield Fx149UnifiedTrustIcon-NotSecure with a red strike over it. In such cases, you may not be communicating with the intended website and your data isn't safe against eavesdropping!

Padlock

A padlock Fx89Padlock with no red strike over it indicates that:

  • You’re definitely connected to the website whose address is shown in the address bar and the connection hasn’t been intercepted.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

Click the padlock to find out if the website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the padlock.

Padlock with a warning triangle

A padlock with a warning triangle Fx89Padlock-Triangle appears for website certificate warnings, such as for sites with self-signed certificates or certificates that aren’t issued by a trusted authority. This is a problem the site developer needs to resolve.

Do not send any sensitive information to sites where the Site Identity button is a padlock with a warning triangle.

Padlock with a red strike over it

A padlock with a red strike over it Fx89Padlock-RedLine indicates that the connection between Firefox and the website is delivered using an insecure protocol (HTTP) or that it is only partially encrypted because you've manually deactivated mixed content blocking. The site doesn't prevent against eavesdropping or man-in-the-middle attacks.

Do not send any sensitive information to sites where the Site Identity button is a padlock with a red strike over it.

Shield with a check mark

A shield Fx149UnifiedTrustIcon-Secure with a check mark indicates that:

  • You’re definitely connected to the website whose address is shown in the address bar and the connection hasn’t been intercepted.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

Click the shield icon and then click on Connection secure at the top of the panel that opens, to find out if the website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. For sites using EV certificates, the Connection panel will display the legal company or organization name and location of the website owner.

Note: A shield with a check mark also indicates that Enhanced Tracking Protection is on for the website and is blocking trackers and scripts.

Shield with an x mark

A shield with an x mark Fx149UnifiedTrustIcon-ETPoff will appear when you turn off Enhanced Tracking Protection (ETP) for a website. If a site seems broken, disabling ETP might fix the issue by allowing trackers and scripts on just that website. You can click the shield icon and toggle the switch to turn protection back on for the site.

Shield with a red strike over it

A shield with a red strike over it Fx149UnifiedTrustIcon-NotSecure indicates that the connection between Firefox and the website is delivered using an insecure protocol. The site doesn't prevent against eavesdropping or man-in-the-middle attacks. It also appears for website certificate warnings, such as for sites with self-signed certificates or certificates that aren’t issued by a trusted authority. This is a problem the site developer needs to resolve.

Do not send any sensitive information to sites where the Unified Trust Panel icon is a shield with a red strike over it.

These fine people helped write this article:

AliceWyman, Chris Ilias, philipp, Underpass, novica, Tonnes, Michele Rodaro, Michael Verdi, gerv, scoobidiver, John99, TyDraniu, ahmed, Joergen, Mozinet, cammy_the_block, tanvi, Lan, grubert, scootergrisen, Joni, Artist, Parmveer, Élie Michel, Alexander Dmitriev, Mkll, Lamont Gardenhire, Flavius Floare
Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More

Related Articles

todo: title

Site Information panel

The Site Information panel is where you can view information about a website's connection security and identity. Connection security A padlock...