cancel
Showing results for 
Search instead for 
Did you mean: 

How do I tell if my connection to a website is secure?

The Site Identity button is a Firefox security feature that gives you more information about the sites you visit. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website and who verified that they own it. This should help you avoid malicious websites that are trying to obtain your personal information.

The Site Identity button is in the Location bar to the left of the web address.

site identity site identity fx39 Linux en

When viewing a website, the Site Identity button will be one of five icons - a gray globe, a gray warning triangle, an orange warning triangle, a gray padlock, or a green padlock. Clicking on these icons will display identity and security information about the website.

identity icons toc order

Clicking on the More Information button on the pop-up panel will show more details about the privacy and security settings of that site, such as certificate information, cookies and your saved password history.

The Site Identity button appears in your address bar to communicate security information about sites you visit. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website and who verified that they own it. This should help you avoid malicious websites that are trying to obtain your personal information.

site identity

The Site Identity button is in the address bar to the left of the web address. Most commonly, when viewing a website, the Site Identity button will be either a gray globe or a green padlock.

http globe desktop green lock 42

However, in some rarer circumstances, it may also be a green padlock with a gray warning triangle, a gray padlock with a yellow warning triangle, or a gray padlock with a red strikethrough.

blocked secure 42 orange triangle grey lock 42 unblocked mixed content 42

Clicking the Site Identity button brings up the Control Center, which allows you to view identity information about the site and to change security settings.

The Site Identity button (a padlock) appears in your address bar when you visit a secure website. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website. This should help you avoid malicious websites that are trying to obtain your personal information.

site identity

The Site Identity button is in the address bar to the left of the web address. Most commonly, when viewing a secure website, the Site Identity button will be a green padlock.

green lock 42

However, in some rarer circumstances, it may also be a green padlock with a gray warning triangle, a gray padlock with a yellow warning triangle, or a gray padlock with a red strikethrough.

blocked secure 42 orange triangle grey lock 42 unblocked mixed content 42

Note: Clicking the Site Info button button at the left of the address bar brings up the Control Center, which allows you to view more detailed information about the connection's security status and to change some security and privacy settings.

Gray globe

A gray globe indicates:

  • The connection between Firefox and the website is not encrypted and should not be considered safe against eavesdropping.
  • The website does not supply identity information.

grey globe fx29 grey globe fx39 Linux en

Many websites will have the gray globe because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity button should not be a gray globe icon.

Gray warning triangle

A gray warning triangle indicates:

  • The website does not supply identity information.
  • The connection between Firefox and the website is only partially encrypted, doesn't prevent eavesdropping and is not fully secure because it contains unencrypted elements (such as images, video or audio). Other people can view or modify these elements, but not the main web page content (such as text).

grey triangle grey triangle fx39 Linux en

Orange warning triangle

An orange warning triangle indicates:

  • The website does not supply identity information.
  • The connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. The website contains interactive content that isn't encrypted (such as scripts). Other people can view your information or modify the website's behavior.

orange triangle fx29 orange triangle fx39 Linux en

It implies that you've previously allowed the mixed active content served over HTTPS to be loaded, displayed or executed for the website despite the risks. See Mixed content blocking in Firefox.

Going to another website in the current tab and then going back or re-visiting the website in a new tab will block back certain HTTP requests to lower threats, change the icon to its previous state (a gray warning triangle for mixed passive content and gray or green padlock otherwise) and display the content mixer shield icon. For information about the mixed content block, see Mixed content blocking in Firefox.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity button should not be an orange warning triangle icon.

Gray padlock

A gray padlock indicates:

  • The website's address has been verified.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

grey lock fx29 grey lock fx39 Linux en

When a domain has been verified, it means that the people who are running the site have bought a certificate proving that the domain is not being spoofed. For example, FacebookWikimedia Foundation has this sort of certificate and an encrypted connection, so the Site Identity button displays a gray padlock. When you click on the padlock, it tells you that you are actually connected to facebook.comwikipedia.org as certified by VeriSign Inc.GlobalSign nv-sa. It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your FacebookWikipedia login information that way.

However, it is not verified who actually owns the domain in question. There is no guarantee that facebook.comwikipedia.org is actually owned by Facebook the companyWikimedia Foundation. The only things that are guaranteed are that the domain is a valid domain, and that the connection to it is encrypted.

Green padlock

A green padlock indicates:

  • The website's address has been verified using an Extended Validation (EV) certificate.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

green lock fx29 green lock fx39 Linux en

A green padlock plus the name of the company or organization in green means this website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While the gray padlock indicates that a site uses a secure connection, the green padlock indicates that the connection is secure and that the owners of the domain are who you would expect them to be.

With the EV certificate, the Site Identity button assures you that paypal.commozilla.org is owned by Paypal Inc.Mozilla Foundation, for example. Not only does the padlock turn green on the Paypal siteMozilla official website, it also expands and displays the name of the owner in the button itself.

Gray globe

A gray globe indicates that the connection between Firefox and the website is not encrypted, and therefore should not be considered safe against eavesdropping or man-in-the-middle attacks.

globe url bar 42

Many websites will have the gray globe because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections.

Note: Do not send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to sites where the Site Identity button has a gray globe icon.

Warning: You should never send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to a website without the padlock icon in the address bar - in this case it is neither verified that you are communicating with the intended website, nor is your data safe against eavesdropping!

Green padlock

A green padlock (with or without an organization name) indicates that:

  • You are definitely connected to the website whose address is shown in the address bar; the connection has not been intercepted.
  • The connection between Firefox and the website is encrypted to prevent eavesdropping.

green lock address bar 42

A green padlock plus the name of the company or organization, also in green, means this website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates.

site identity site identity fx39 Linux en

For sites using EV certificates, the Site Identity button displays both a green padlock and the legal company or organization name and location of the owner of the website, so you know who is operating it. For example, it shows that mozilla.org is owned by the Mozilla Foundation.

Green padlock with gray warning triangle

A green padlock with a gray warning triangle blocked secure 42 indicates that the site is secure; however, Firefox has blocked insecure content and so the site may not necessarily display or work entirely correctly. See Mixed content blocking in Firefox for more information. This is a problem the site developer needs to resolve.

Gray padlock with yellow warning triangle

A gray padlock with a yellow warning triangle indicates that the connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping.

grey lock yellow tri url bar 42

For information about what "partially encrypted" means, see Mixed content blocking in Firefox. This is a problem the site developer needs to resolve.

Note: Do not send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to sites where the Site Identity button has a yellow warning triangle icon.

Gray padlock with red strikethrough

A gray padlock with red strikethrough indicates that the connection between Firefox and the website is only partially encrypted and doesn’t prevent against eavesdropping or man-in-the-middle attacks.

lock red strikethrough 42

This icon will not appear unless you’ve manually deactivated mixed content blocking.

Note: Do not send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to sites where the Site Identity button has a gray padlock with red strikethrough icon.

Customize this article

Firefox

Firefox for Android

Firefox for iOS

Firefox OS

Thunderbird

Version History
Revision #:
3 of 3
Last update:
3 weeks ago
Updated by:
 
Comments

See /forums/knowledge-base-articles/705118 for related discussions about this article.

SenseiC

Since the Site Identity Button article is locked... and thus no real mechanism to provide feedback, I figured I would create a thread to offer some feedback [NOT intended to irritate, but if it irritates folks, oh well] on the change of the status bar / padlock change.

You've already seen comments about color blindness, etc. (which ends up more of "insult piled upon injury" considering my observation) so I won't "go there", but I find many sites that fall under the "basic identity information" category show up as the same color of "blue" as the rest of the border. For example THIS page the difference between the two: Button color: (H: 214, S: 14, B: 95) vs. Border color: (H: 215, S: 12, B: 93)

The color's so close that I confess hadn't even noticed that the button on something like CNN is white. (my financial institution actually presents their own "lock" symbol on the login page).

IMHO it's absurd to have to install an add-on to get a more obvious indicator. I (basically) understand the reason behind the "three tiers", but you REALLY need an OBVIOUS indicator of some sort. Browser security is far too important for you to have implemented the "new mechanism" in such a blasé manner.

Sensei bows out.

Hi Sensei, You're in the right place to provide feedback on the article. I'll pass your comments on to the UX team but to answer some of your concerns, there are actually two things besides color that we do to indicate a secure site:

  1. When a site uses "https" we show it in the location bar. For regular "http" sites we hide that part of the url.
  2. When a site uses "https" the shape of the Site Identity button is different. For a regular http site, the button is the size of the favicon. For an https site the button includes both the favicon and domain name.
SenseiC

Well I will freely admit I never noticed (paid attention) to the http getting hidden and https getting displayed (just double-checked it... sure enough!).

As for the "shape of the Site Identity button" differing, I would counter that while YOU (and now I too) know that, that change doesn't convey any MEANING whereas the addition of the proverbial "lock" icon does clearly indicate something even when you don't entirely understand the significance.

SenseiC

leibovic

Hi there,

I filed bug 716908 about this issue, but I was told this is the place where these things get fixed. The screenshots in the article are out of date as of Firefox 6, and it would be great if someone updated them! :)

Thanks, Margaret

Hi, leibovic,

I looked over all of the screenshots that show up in the article, when "Windows" and "Firefox 9" is selected under the Article is for section (bottom right sidebar) but they look OK to me. Could you point out what needs to be updated?

leibovic

It looks like the screenshots are wrong for both Windows and Mac OS X for all modern versions of Firefox. I know it may seem subtle, but in these versions, the colors of the site identity button are lighter now, and the edges of the button extend all the way to the edge of the location bar (there isn't white space surrounding it anymore). You can see the difference here: http://people.mozilla.com/~mleibovic/img/identity-block.png.

Hi Margaret, Do you remember what version this changed in? It is pretty subtle but easy enough to fix.

leibovic

This changed in Firefox 6.

Raficus

I second @SenseiC, there is a strength in the simplicity of the padlock.

I was looking online (googling) but could not find any justification or argument as to why this was changed. I don't think that such a difference would be accidental. Would someone know the reasoning behind this change? I refuse to believe FireFox UX team made this decision purely on graphical grounds.

For the background on this article, see also:

Copied from https://support.mozilla.org/forums/knowledge-base-articles/708310 Article titles and slugs workshop

AliceWyman said

2. How do I tell if my connection to a website is secure?

I think the current title is OK (we could add more information to the summary, to help with searches) but to better describe the article, I would maybe rename it "How to use the Site Identity security feature in Firefox" or "How do I use the Site Identity website icon in the Firefox Location bar?"

I just noticed that, when you click the "Identity" button and click "More Information", it takes you to the Page Info window - View technical details about the page you are on's Security panel, where the first box is titled Website Identity. (related to Bug 385452 - Use "website" instead of "web site" or "site" in UI, dup'ed to bug 685302). The article should probably be renamed "Website Identity button" (not sure if "button" needs to be capitalized). If you want to frame the article title as a question, maybe "How to use the Website Identity security feature in Firefox" or "How do I get identity information about websites I visit?"

Verdi said

I'm not sure people are looking for a website's identity but they may be looking for whether it's secure or not. What about something like:

For Firefox 14 updates to this article, see

Wawuschel

Hi,

I can't reproduce this...

https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure#w_gray-warning-triangl...

I see only the gray globe - never the gray triangle: ➔ http://d.pr/i/2cv8

What do I wrong?

Andy

cammy_the_block
cammy_the_block

How can I take a screenshot of the popup that displays the sites security information when you click on the security information button. For me when I try to take a screenshot, the box closes then the screenshot is taken. I am running Ubuntu 14.04. How have other people taken screenshots without it closing?

Hello,

Thanks for submitting a revision! I use Snapz Pro X to take screenshots. It doesn't close the window when I use the keyboard shortcut to take a picture.

You can get a free trial if you want to check it out. Otherwise, I can take a screenshot for you - just send me a link to the site that you want to take a picture of.

Let me know what you prefer. I'll wait to hear back before I approve your revision.

cammy_the_block

Sure, I was trying to take a picture of https://www.dailymotion.com/us which displays the gray warning triangle. If you can add it into my revision that'd be great. Sorry about the late response. Thanks!

I've added the screenshot. Please let me know if there's anything else I can help with.

Thank YOU for updating this article! Joni

The text in the article takes about 5 icons but there are only 4 icons on the image. Identity Icons Fx23 Image:Identity Icons Fx23

I just added the grey triangle to the site icons.

Maybe the grey triangle should be as number 2 in the image to match the text order and triangles together.

Bsteele

Hi, another useful way is to press crtl and the prt sc key on your keyboard then open Microsoft word and right click and press paste on the black page .You should then have a nice screen shot.. I hope this helps

Ryan_Weaber

Hi, cammy_the_block!


Lightshot (imgur.com) is a very good screenshot tool. It lets you crop, and more! All you need to do is press the Keys [FN] and [PRTSC], and the box won't close :) If you need anything else you can send me a message :)

Missing image with orange triangle for Firefox 29.

Example webpages with orange triangle to take a screenshot (you have to enable mixed content first):

https://people.mozilla.org/~mkelly/mixed_test.html

https://ie.microsoft.com/testdrive/browser/mixedcontent/assets/woodgrove.htm

underpass

Hello,

By chance I've found that the dialog in version 41 has changed:

Probably it is necessary to change this article, and maybe other articles, too.

Thanks for your attention.

I added a "Needs change" entry for Fx41.

Hi,

This is backward for IMO. Now in 41 we want 2 clicks to see the info (secure connection and verified), in 40 and previous with 1 click is fine. :(:(

anyway....probably developers knows something more

dmitriev

The third sentence in the article introduction: "This should help you avoid malicious websites that are trying to obtain your personal information." What is intended here? Is this correct? In what way information about encryption, site verification and site's owner helps to avoid websites that are trying to obtain personal information?

the green padlock seems to be used for all secure connections now and is no longer related to ev certs in particular - our description doesn't seem to properly reflect that (& also talks about a grey padlock that is no longer used)...

I added a "Needs change" entry, [Fx42] Review section about green padlock (see discussion)

P.S I added "[Attn: Admin (Joni)]" to the thread title, to review the changes that were made for fx42: https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure/compare?locale=en-US&t...

Thanks for revising and flagging this, Alice and Philipp. I agree that the green padlock section looks strange and a little thin.

I've added a little bit more detail about the difference between green padlock icon and the green padlock icon with the org name. I've also removed the grey padlock mention. The green padlock with the organization name replaces the grey padlock.

I was pinged by one of our localizers and decided to get a response from the KB editors regarding the style and complexity level of this article, since there seem to be two competing views, resulting in frequent changes to the way the article explains the security features.

Some edits make this article very accurate and rather technical, possibly harder for the mythical "average reader". Other edits simplify it to make it more accessible, at the cost of technical accuracy.

One could say it's ultimately up to Joni to decide what it should sound like, but since everyone creates the KB equally, what is your take on it?

vesper said

I was pinged by one of our localizers and decided to get a response from the KB editors regarding the style and complexity level of this article, since there seem to be two competing views, resulting in frequent changes to the way the article explains the security features. Some edits make this article very accurate and rather technical, possibly harder for the mythical "average reader". Other edits simplify it to make it more accessible, at the cost of technical accuracy. One could say it's ultimately up to Joni to decide what it should sound like, but since everyone creates the KB equally, what is your take on it?

The History of this article shows that recent changes were either written or approved by Joni. I added [Attn: Admin - Joni] to the thread title.

There will always be competing views on how articles should be written. I think we should try to balance simplicity with technical accuracy. I think the complexity level of this article is about right for the subject matter ... except the the word encrypted appears multiple times and could use a reference (we could link to https://en.wikipedia.org/wiki/Encryption for a definition).

In his comment for the Nov 17, 2015 edit, gerv - Gervase Markham: https://mozillians.org/en-US/u/gerv/ - wrote, Update to fix some errors and simplify and clarify the text (I help run Mozilla's certificate program). That edit was approved by Joni. I just approved follow-up edits by Artist and Tonnes but those didn't change the way the article explains security features.

KimLudvigsen

Line 89: "Although all websites are encouraged to provide encrypted connections for their users, some websites still have the gray globe. "

So, now we are scaring people, telling them that some 98 percent of all websites are not adhering to security advice?

May I suggest the old text without the last paragraph in it: Most websites will have the gray globe, because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections.

Kim Ludvigsen said

May I suggest the old text without the last paragraph in it: Most websites will have the gray globe, because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections.

I have a pending revision to make the change you suggested except, I changed "Most" to "Many".

To Joni and vesper, see also this thread started by Kim Ludvigsen on November 28, 2015 9:13:50 PM EST:

https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure/discuss/6399 Scaring people with wrong information (Gray globe)

This is about a change made to this article for fx42 in the Nov 17, 2015 revision approved by Joni. I have an edit pending review based on the suggestion made in that thread.

AliceWyman said

Kim Ludvigsen said
May I suggest the old text without the last paragraph in it: Most websites will have the gray globe, because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections.

I have a pending revision to make the change you suggested except, I changed "Most" to "Many".

Kim, Alice, correct done, thank you.

firefox 45 seems to remove the globe as a site indicator for normal http sites - instead there is an info button shown under all circumstances (also in addition to the lock symbol). https://bugzilla.mozilla.org/show_bug.cgi?id=1206244

I set up a Needs change entry: [Fx45] globe is removed as a site indicator (bug 1206244)

This article has a "See also" link to Control Center - manage site privacy and security controls which will also need updating.