As we’ve discussed in this series, whether a website is HTTPS encrypted is represented in your web browser’s address bar by different signals and indicators, ranging from a padlock symbol to different types of text and colors. This article will explore how to identify these cues to help you determine if a website is secure.

Choose your web browser

There are many different web browsers that you can use to access the Internet, such as Google Chrome, Firefox, Safari, and Microsoft Edge. With respect to identifying whether a website is HTTPS encrypted, while there are some little differences in how each web browser displays this, they tend to utilize the same indicators:

Look for the “S:” 

Of course, a simple way to tell if a website is secured by HTTPS is to check the URL in your web browser and make sure it actually displays “https://”

 


The “Not Secure” indicator:

If you see this indicator next to a website URL this will mean that website is not secured with HTTPS. Therefore, you want to make sure you don’t enter any credit card or personal financial information into a form on this type of web page. Relevantly, as of this month, the Google Chrome browser will also highlight the indicator “Not Secure” with red letters if you attempt to enter any data into forms on these types of websites.

 

 

 

The “i,” or “info” indicator that doesn’t say “Not Secure”:

In some cases, web browsers will highlight websites that seem to be HTTPS encrypted with an “I” indicator. This indicates that some parts of the website may not be secured with HTTPS. You want to be wary about entering any sensitive information into forms on a website that display this signal.

 

 

The padlock:

This is the most common indicator for HTTPS encryption. A padlock demonstrates that the website is secured by HTTPS, and is generally safe for you to enter any credit card or financial information into a form.

In some web browsers, the padlock will be gray and in other web browsers, the padlock will be green, but as long as the padlock is there you can be sure that the website is secured by HTTPS.

 

 

The padlock and the “Secure” text:

Previous versions of web browsers paired the padlock symbol with the word “Secure” to show that a website was encrypted with HTTPS. Now that many tech companies are pushing for HTTPS to be the default for the web, today, web browsers will often display only the padlock when a website is encrypted with HTTPS. Still, every once in a while, you may encounter this combination.

 

 

The padlock and text of a company’s name:

A padlock paired with text of a company’s name often means the website is secured with HTTPS and that the website has an Organization Validation or Extended Validation certificate. As discussed in our previous article, this means that a Certificate Authority has done a background check for the organization that owns the website. Therefore, websites that display this padlock and text demonstrate a high degree of trustworthiness.  

 

 

The padlock, text of a company’s name, and a green bar:

Older versions of web browsers and some web browsers like Microsoft Internet Explorer will display the padlock symbol, the text of a company’s name, and a green bar when that website has an Extended Validation certificate. This implementation is less common with newer web browsers but it is something to keep in mind if you’re trying to identify a secure website:

 


Explore further

If you’re interested, you can also try clicking on the padlock icon next to the URL of a website. When you do that, you can learn more about the digital certificate for an HTTPS-encrypted website.

Finally, below, see some additional resources in identifying secure websites offered by the creators of commonly-used web browsers.

Google Chrome:

Mozilla Firefox:

Microsoft Edge:

Apple Safari:

Keeping in mind the future

As HTTPS becomes the norm, the companies that create web browsers may alter their signals for displaying when a website is secure. As you can see from the descriptions above, older versions of web browsers had slightly different signals for HTTPS than the ones that are used today. Therefore, it is important to keep in mind that technology is always changing, as are the norms around data security and the ways that websites show to you that content is secure. This said, by keeping these indicators in mind, you can be prepared to engage with the evolving digital world around you.

Our next piece in the series will do a deeper dive into how you can identify secure websites!

The articles in this series on website encryption, created to support National Cybersecurity Awareness Month, can be found at BBB.org/BBBSecure. Support for the program was made possible by our Corporate Trust Roundtable partners, Comcast and Facebook.