How do I tell if my connection to a website is secure?

No one has helped translate this article yet. If you already know how localizing for SUMO works, start translating now. If you want to learn how to translate articles for SUMO, please start here.

The Site Identity Button is a Firefox security feature that gives you more information about the sites you visit. You can quickly find out if the website you are viewing is encrypted, if it is verified, who owns the website, and who verified it. This should help you avoid malicious websites that are trying to obtain your personal information.

The Site Identity Button is in the Location bar to the left of the web address.

Site Identity Block 14 - Win Site Identity Block - Mac Site Identity Block 14 - Lin site identity

When viewing a website, the Site Identity Button will be one of five icons - a gray globe, a gray warning triangle, an orange warning triangle, a gray padlock, or a green padlock. Clicking on these icons will display identity and security information about the website.

identity icons toc order

Clicking on the More Information button on the pop-up panel will show more details about the privacy and security settings of that site, such as certificate information, cookies and your saved password history.

Gray globe

A gray globe indicates:

  • The website does not supply identity information.
  • The connection between Firefox and the website is not encrypted or only partially encrypted and should not be considered safe against eavesdropping.

YouTube - Gray globe - Win YouTube - Gray globe - Mac YouTube - Gray globe - Lin

grey globe fx29

Most websites will have the gray globe, because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections. It applies to websites served over HTTP (not encrypted) or HTTPS (partially encrypted).

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should not be a gray globe icon.

Gray warning triangle

A gray warning triangle indicates:

  • The website does not supply identity information.
  • The connection to this website is not fully secure because it contains unencrypted elements (such as images).

grey triangle

Orange warning triangle

An orange warning triangle indicates:

  • The website does not supply identity information.
  • The connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping.

itunes - Orange warning triangle - Win

orange triangle fx29

It implies that you've previously allowed the mixed active content served over HTTPS to be displayed for the website despite the risks.

Reloading the website will block back certain HTTP requests to lower threats, change the icon to its previous state (gray globe for mixed passive content and gray padlock otherwise) and display the content mixer shield icon. For information about the mixed content block, see How does content that isn't secure affect my safety?.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should not be an orange warning triangle icon.

Gray padlock

A gray padlock indicates:

  • The website's address has been verified.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

Facebook - Gray padlock - Win Facebook - Gray padlock - Mac Facebook - Gray padlock - Lin

grey lock fx29

When a domain has been verified, it means that the people who are running the site have bought a certificate proving that they own the domain and it is not being spoofed. For example, Facebook has this sort of certificate and an encrypted connection, so the Site Identity Button displays a gray padlock. When you click on the padlock, it tells you that you are actually connected to facebook.com as certified by VeriSign Inc. It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your Facebook login information that way.

However, it is not verified who actually owns the domain in question. There is no guarantee that facebook.com is actually owned by Facebook the company. The only things that are guaranteed is that the domain is a valid domain, and that the connection to it is encrypted.

Green padlock

A green padlock indicates:

  • The website's address has been verified using an Extended Validation (EV) certificate.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

PayPal - Green padlock - Win PayPal - Green padlock - Mac PayPal - Green padlock - Lin

green lock fx29

A green padlock plus the name of the company or organization in green means this website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While the gray padlock indicates that a site uses a secure connection, the green padlock indicates that the connection is secure and that the owners of the domain are who you would expect them to be.

With the EV certificate, the Site Identity Button assures you that paypal.com is owned by Paypal Inc., for example. Not only does the padlock turn green on the Paypal site, it also expands and displays the name of the owner in the button itself.


Share this article: http://mzl.la/1BAQynY

Was this article helpful? Please wait...

These fine people helped write this article: AliceWyman, Chris_Ilias, Tonnes, Verdi, scoobidiver, John99, foxytechguy, cammy_the_block, upwinxp, grubert, scootergrisen, jsavage, Artist, Parmswagga, eliemichel. You can help too - find out how.