If you are entering sensitive personal data on a page, look for a lock icon to the left of the site’s URL in the address bar to see if the site uses SSL. SSL certificate is a protocol that provides an encrypted tunnel between your computer and the site you are viewing. Sites can use SSL to prevent third parties from interfering with the information traveling through the tunnel.
Website Security Indicator Using an SSL Certificate
Icon | What it means |
---|---|
The site is not using SSL. Most sites do not need to use SSL because they do not handle sensitive information. Avoid entering sensitive information, such as usernames and passwords, on the page. | |
Google Chrome has successfully established a secure connection with the site.Look for this icon and make sure the URL has the correct domain, if you are required to log in to the site or enter sensitive information on the page.If a site uses an Extended Validation SSL (EV SSL) certificate, the organization’s name also appears next to the icon in green text. Make sure the browser is set to check for server certification revocation to identify sites with EV SSL certificates. | |
The site uses SSL, but detected insecure content on the page. Be careful if you are entering sensitive information on this page. Insecure content can provide a loophole for someone to change the look of the page. | |
The site uses SSL, but detected high-risk insecure content on the page or problems with the site’s certificate. Do not enter sensitive information on this page. Invalid certificate or other serious http issues could indicate that someone is attempting to tamper with your connection to the site. |
SSL warning messages
You might get a warning message when detects the site you are visiting might be harmful to your computer.
Warning message | What it means |
---|---|
This is probably not the site you are looking for! | This message appears when the URL listed in the site’s certificate does not match the site’s actual URL. The site you are trying to visit may be pretending to be another site. |
The site’s security certificate is not trusted! | The site’s security certificate is not trusted error appears if the certificate was not issued by a recognized third-party organization. Since anyone can create a certificate, Google Chrome checks to see whether a site’s certificate came from a trusted organization. Learn more about this warning |
The site’s security certificate has expired! or The server’s security certificate is not yet valid! |
These messages appear if the site’s certificate is not up-to-date. Therefore, Google Chrome cannot verify that the site is secure. |
The server’s security certificate is revoked! | The server’s security certificate is revoked error appears if the third-party organization that issued the site’s certificate has marked the certificate as invalid. Therefore, Google Chrome cannot verify that the site is secure. |
See more details about the site
Click theicon or the lock icon to see even more details about the site’s identity, your connection, and your visit history for the site.
Site identity
Sites using SSL present security certificates to the browser to verify their identity. Anyone can set up a website pretending to be another site, but only the real site possesses a valid security certificate for the URL you are trying to reach. Invalid certificates could indicate that someone is attempting to tamper with your connection to the site.
Icon | What it means |
---|---|
The site’s certificate is valid and its identity has been verified by a trusted third-party authority. | |
The site has not provided the browser with a certificate. This is normal for regular HTTP sites (look for theicon in the address bar), because certificates are usually provided only if the site uses SSL. | |
Google Chrome has detected problems with the site’s certificate. You should proceed with caution because the site may be pretending to be another site in order to trick you into sharing personal or other sensitive information with them. |
Your connection to the site
Lets you know whether your connection is fully encrypted. If your connection is insecure, third parties might be able to view or tamper with the information you provide on the site.
Icon | What it means |
---|---|
Successfully established a secure connection with the site you are viewing. | |
Site is not encrypted. This is normal for regular HTTP sites (look for the icon in the address bar). | |
Site is encrypted, but detected mixed content on the page. Be careful if you are entering information on this page. Mixed content can provide a loophole for someone to manipulate the page. This content could be third-party images or ads embedded on the page. | |
Site is encrypted, but detected mixed scripting on the page. Be careful if you are entering personal information on this page. Mixed scripting can provide a loophole for someone to take over the page. This content could be third-party scripts or videos embedded on the page.If you are connected to the Internet via a public wireless network, mixed scripting is especially risky because wireless networks are easier to tamper with than wired networks. |
Visit history
This will show if you have ever visited the site before. However, if you have cleared cache and cookies, the visited history is also cleared.
Icon | What it means |
---|---|
You have visited the site before, so chances are you trust this site. | |
You have never visited this site before. This message is normal if you know this is true. However, if the site looks familiar and you did not clear your browsing history recently, it may be pretending to be another site. Please proceed with caution. |