How do I tell if my connection to a website is secure?

When you visit a website, the Site Identity button (a padlock) appears in the address bar to the left of the web address. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website. This should help you avoid malicious websites that are trying to obtain your personal information.

Fx89AddressBarPadlock

When viewing a secure website, the Site Identity button will be a padlock. In a few cases, however, you may see a padlock with a warning triangle Fx89Padlock-Triangle or a padlock with a red strike over it Fx89Padlock-RedLine.

Clicking the padlock Fx89Padlock to the left of the address bar brings up the Site Information panel, which allows you to view more detailed information about the connection's security status.
Warning: You should never send any sensitive information (such as bank information, credit card data or social security numbers) to a website if the address bar shows a padlock with a warning triangle or red strike over it. In such cases, you may not be communicating with the intended website and your data isn't safe against eavesdropping!

Padlock

A padlock Fx89Padlock with no warning triangle or red strike over it indicates that:

  • You’re definitely connected to the website whose address is shown in the address bar and the connection hasn’t been intercepted.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

Click the padlock to find out if the website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates.

For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the padlock.

Padlock with a warning triangle

A padlock with a warning triangle Fx89Padlock-Triangle indicates that the connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. By default, Firefox does not block insecure passive content such as images; you will simply see a warning that the page isn't fully secure. For more information, see Mixed content blocking in Firefox.

Do not send any sensitive information to sites where the Site Identity button is a padlock with a warning triangle.

A padlock with a warning triangle also appears for website certificate warnings, such as for sites with self-signed certificates or certificates that aren’t issued by a trusted authority. This is a problem the site developer needs to resolve.

Padlock with a red strike over it

A padlock with a red strike over it Fx89Padlock-RedLine indicates that the connection between Firefox and the website is either delivered using an insecure protocol (HTTP) or that it is only partially encrypted because you've manually deactivated mixed content blocking. The site doesn't prevent against eavesdropping or man-in-the-middle attacks.

Do not send any sensitive information to sites where the Site Identity button is a padlock with a red strike over it.

Was this article helpful?

Please wait...

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More