How do I tell if my connection to a website is secure?

The Site Identity button (a padlock) appears in the address bar to the left of the web address, when you visit a secure website. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website. This should help you avoid malicious websites that are trying to obtain your personal information.

Most commonly, when viewing a secure website, the Site Identity button will be a green padlock green lock 42 gray padlock Gray padlock - Firefox 70 .

However, in a few cases you may see no padlock, a gray padlock with a yellow warning triangle orange triangle grey lock 42 or a gray padlock with a red strike over it unblocked mixed content 42 .

Clicking the Site Info button button to the left of the address bar brings up the Site Information panel, which allows you to view more detailed information about the connection's security status and to change your security and privacy settings.
Clicking the Fx70GreyPadlock padlock to the left of the address bar brings up the Site Information panel, which allows you to view more detailed information about the connection's security status.
Warning: You should never send any sort of sensitive information (bank information, credit card data, social security numbers, etc.) to a website if the address bar does not show a greengray padlock. In such cases, it hasn’t been verified that you’re communicating with the intended website and your data isn’t safe against eavesdropping!

Green padlock

A green padlock (with or without an organization name) indicates that:

  • You’re definitely connected to the website whose address is shown in the address bar and the connection hasn’t been intercepted.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

A green padlock plus the name of the company or organization, also in green, means this website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates.

Gray padlock

A gray padlock indicates that:

  • You’re definitely connected to the website whose address is shown in the address bar and the connection hasn’t been intercepted.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

Click the gray padlock to find out if the website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates.

For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock.

Gray padlock with yellow warning triangle

A gray padlock with a yellow warning triangle indicates that the connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. This also appears on websites with self-signed certificates or certificates that aren’t issued by a trusted authority.

For information about what "partially encrypted" means, see Mixed content blocking in Firefox. This is a problem the site developer needs to resolve.

Do not send any sort of sensitive information (bank information, credit card data, social security numbers, etc.) to sites where the Site Identity button is a gray padlock with a yellow warning triangle icon.

Gray padlock with a red strike over it

A padlock with a red strike over it indicates that the connection between Firefox and the website is either unencrypted or only partially encrypted. The connection doesn’t prevent against eavesdropping or man-in-the-middle attacks. This icon only appears if you’ve manually deactivated mixed content blocking or if you visit an unencrypted (HTTP) page where a username or password can be entered.

A padlock with a red strike over it indicates that the connection between Firefox and the website is either delivered using an insecure protocol (HTTP or FTP) or that it is only partially encrypted because you've manually deactivated mixed content blocking. The site doesn't prevent against eavesdropping or man-in-the-middle attacks.

Do not send any sort of sensitive information (bank information, credit card data, social security numbers, etc.) to sites where the Site Identity button is a gray padlock with a red strike over it.
// These fine people helped write this article:AliceWyman, Chris Ilias, philipp, Underpass, novica, Tonnes, Michele Rodaro, Michael Verdi, gerv, scoobidiver, John99, TyDraniu, ahmed, Joergen, cammy_the_block, tanvi, Lan, grubert, scootergrisen, Joni, Artist, Parmveer, Élie Michel, Alexander Dmitriev, Mkll, Lamont Gardenhire. You can help too - find out how.

Was this article helpful? Please wait...

Volunteer for Mozilla Support