Compare Revisions
How do I tell if my connection to a website is secure?
Revision 221148:
Revision 221148 by AliceWyman on
Revision 221518:
Revision 221518 by AliceWyman on
Keywords:
secure https padlock lock grey
secure https padlock lock grey
Search results summary:
Firefox uses a padlock icon next to a website's URL to let you know your connection is encrypted. Click on the icon for more information.
Firefox uses a padlock icon next to a website's URL to let you know your connection is encrypted. Click on the icon for more information.
Content:
When you visit a website, the Site Identity button (a padlock) appears in the address bar to the left of the web address. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website. This should help you avoid malicious websites that are trying to obtain your personal information.
{for not fx89}[[Image:FF70 Gray Padlock]]{/for}{for fx89}[[Image:Fx89AddressBarPadlock]]{/for}
When viewing a secure website, the Site Identity button will be a {for not fx89}gray {/for}padlock. In a few cases, however, you may see a {for not fx89}gray {/for}padlock with a warning triangle {for not fx89}[[Image: orange triangle grey lock 42]]{/for}{for fx89}[[Image:Fx89Padlock-Triangle]]{/for} or a {for not fx89}gray {/for}padlock with a red strike over it {for not fx89}[[Image:unblocked mixed content 42]]{/for}{for fx89}[[Image:Fx89Padlock-RedLine]]{/for}.
{note}Clicking the padlock {for not fx89}[[Image:Fx70GreyPadlock]]{/for}{for fx89}[[Image:Fx89Padlock]]{/for} to the left of the address bar brings up the [[Site Information panel|Site Information panel]], which allows you to view more detailed information about the connection's security status.{/note}
{/for}
__TOC__
{warning}'''Warning:''' You should never send any sensitive information (such as bank information, credit card data or social security numbers) to a website if the address bar shows a padlock with a warning triangle or red strike over it. In such cases, you may not be communicating with the intended website and your data isn't safe against eavesdropping!{/warning}
=Padlock=
A {for not fx89}grey {/for}padlock {for not fx89}[[Image:Fx70GreyPadlock]]{/for}{for fx89}[[Image:Fx89Padlock]]{/for} with no warning triangle or red strike over it indicates that:
*You’re definitely connected to the website whose address is shown in the address bar and the connection hasn’t been intercepted.
*The connection between Firefox and the website is encrypted to prevent eavesdropping.
Click the padlock to find out if the website is using an [https://en.wikipedia.org/wiki/Extended_Validation_Certificate Extended Validation (EV) certificate]. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates.
For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock.
=Padlock with a warning triangle=
A {for not fx89}grey {/for}padlock with a warning triangle {for not fx89}[[Image: orange triangle grey lock 42]]{/for}{for fx89}[[Image:Fx89Padlock-Triangle]]{/for} indicates that the connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. By default, Firefox does not block insecure passive content such as images; you will simply see a warning that the page isn't fully secure. For more information, see [[Mixed content blocking in Firefox]].
{note}Do not send any sensitive information to sites where the Site Identity button is a padlock with a warning triangle.{/note}
A {for not fx89}grey {/for}padlock with a warning triangle also appears for [[What do the security warning codes mean?|website certificate warnings]], such as for sites with self-signed certificates or certificates that aren’t issued by a trusted authority. This is a problem the site developer needs to resolve.
=Padlock with a red strike over it=
A {for not fx89}grey {/for}padlock with a red strike over it {for not fx89}[[Image:unblocked mixed content 42]]{/for}{for fx89}[[Image:Fx89Padlock-RedLine]]{/for} indicates that the connection between Firefox and the website is either delivered using an insecure protocol (HTTP or FTP) <!--https://blog.mozilla.org/security/2019/10/15/improved-security-and-privacy-indicators-in-firefox-70/--> or that it is only partially encrypted because you've manually deactivated [[Mixed content blocking in Firefox|mixed content blocking]]. The site doesn't prevent against eavesdropping or [http://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle attacks].
{note}Do not send any sensitive information to sites where the Site Identity button is a padlock with a red strike over it.{/note}
When you visit a website, the Site Identity button (a padlock) appears in the address bar to the left of the web address. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website. This should help you avoid malicious websites that are trying to obtain your personal information.
{for not fx89}[[Image:FF70 Gray Padlock]]{/for}{for fx89}[[Image:Fx89AddressBarPadlock]]{/for}
When viewing a secure website, the Site Identity button will be a {for not fx89}gray {/for}padlock. In a few cases, however, you may see a {for not fx89}gray {/for}padlock with a warning triangle {for not fx89}[[Image: orange triangle grey lock 42]]{/for}{for fx89}[[Image:Fx89Padlock-Triangle]]{/for} or a {for not fx89}gray {/for}padlock with a red strike over it {for not fx89}[[Image:unblocked mixed content 42]]{/for}{for fx89}[[Image:Fx89Padlock-RedLine]]{/for}.
{note}Clicking the padlock {for not fx89}[[Image:Fx70GreyPadlock]]{/for}{for fx89}[[Image:Fx89Padlock]]{/for} to the left of the address bar brings up the [[Site Information panel|Site Information panel]], which allows you to view more detailed information about the connection's security status.{/note}
{/for}
__TOC__
{warning}'''Warning:''' You should never send any sensitive information (such as bank information, credit card data or social security numbers) to a website if the address bar shows a padlock with a warning triangle or red strike over it. In such cases, you may not be communicating with the intended website and your data isn't safe against eavesdropping!{/warning}
=Padlock=
A {for not fx89}grey {/for}padlock {for not fx89}[[Image:Fx70GreyPadlock]]{/for}{for fx89}[[Image:Fx89Padlock]]{/for} with no warning triangle or red strike over it indicates that:
*You’re definitely connected to the website whose address is shown in the address bar and the connection hasn’t been intercepted.
*The connection between Firefox and the website is encrypted to prevent eavesdropping.
Click the padlock to find out if the website is using an [https://en.wikipedia.org/wiki/Extended_Validation_Certificate Extended Validation (EV) certificate]. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates.
For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock.
=Padlock with a warning triangle=
A {for not fx89}grey {/for}padlock with a warning triangle {for not fx89}[[Image: orange triangle grey lock 42]]{/for}{for fx89}[[Image:Fx89Padlock-Triangle]]{/for} indicates that the connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. By default, Firefox does not block insecure passive content such as images; you will simply see a warning that the page isn't fully secure. For more information, see [[Mixed content blocking in Firefox]].
{note}Do not send any sensitive information to sites where the Site Identity button is a padlock with a warning triangle.{/note}
A {for not fx89}grey {/for}padlock with a warning triangle also appears for [[What do the security warning codes mean?|website certificate warnings]], such as for sites with self-signed certificates or certificates that aren’t issued by a trusted authority. This is a problem the site developer needs to resolve.
=Padlock with a red strike over it=
A {for not fx89}grey {/for}padlock with a red strike over it {for not fx89}[[Image:unblocked mixed content 42]]{/for}{for fx89}[[Image:Fx89Padlock-RedLine]]{/for} indicates that the connection between Firefox and the website is either delivered using an insecure protocol ({for not fx88}FTP or {/for}HTTP) <!--https://bugzilla.mozilla.org/show_bug.cgi?id=1691890 FTP disabled in fx88 --> or that it is only partially encrypted because you've manually deactivated [[Mixed content blocking in Firefox|mixed content blocking]]. The site doesn't prevent against eavesdropping or [http://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle attacks].
{note}Do not send any sensitive information to sites where the Site Identity button is a padlock with a red strike over it.{/note}