How do I tell if my connection to a website is secure?
The Site Identity button (a padlock) appears in your address bar when you visit a secure website. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website. This should help you avoid malicious websites that are trying to obtain your personal information.
The Site Identity button is in the address bar to the left of the web address. Most commonly, when viewing a secure website, the Site Identity button will be a green padlock.
However, in some rarer circumstances, it may also be a gray padlock with a yellow warning triangle or a broken padlock (a padlock with a red strikethrough).
Note: Clicking the button at the left of the address bar brings up the Control Center, which allows you to view more detailed information about the connection's security status and to change some security and privacy settings.
Table of Contents
A green padlock (with or without an organization name) indicates that:
- You are definitely connected to the website whose address is shown in the address bar; the connection has not been intercepted.
- The connection between Firefox and the website is encrypted to prevent eavesdropping.
A green padlock plus the name of the company or organization, also in green, means this website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates.
For sites using EV certificates, the Site Identity button displays both a green padlock and the legal company or organization name and location of the owner of the website, so you know who is operating it. For example, it shows that mozilla.org is owned by the Mozilla Foundation.
Gray padlock with yellow warning triangle
A gray padlock with a yellow warning triangle indicates that the connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. This also appears on websites with self-signed certificates that are not issued by a trusted authority.
For information about what "partially encrypted" means, see Mixed content blocking in Firefox. This is a problem the site developer needs to resolve.
Note: Do not send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to sites where the Site Identity button has a yellow warning triangle icon.
Gray padlock with red strikethrough
A padlock with red strikethrough indicates that the connection between Firefox and the website is only partially encrypted and doesn’t prevent against eavesdropping or man-in-the-middle attacks.
This icon will not appear unless you’ve manually deactivated mixed content blocking.
Note: Do not send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to sites where the Site Identity button has a gray padlock with red strikethrough icon.
Last Update: 2017-06-16