How to Determine If a Website Is Legit and Safe to Use

Screenshot of Phishing attack warning in Chrome

2018 was another year of online scams and data breaches, so it’s no wonder if you feel paranoid about the website that you are visiting. It is important for you to know that a website is safe before using it, and especially before sharing sensitive data, such as credit card information, with the site.

There are many signals that can help you determine whether a website is safe to use or not. When surfing the web, watch out for these signals.

How Invasive is the Advertising?

This one requires a bit of intuition and detective work, but you can often tell the credibility of a site by the amount and type of advertising it has. Occasional banners like you see here on MTE and many other sites are standard practice (we have to make our money somehow!), but there are certain types of ads that you should read as a red flag. Even if these types of ads don’t make a site “malicious”, they imply poor site management and therefore you should be very cautious when browsing them.

Is Website Safe To Use Advertising Pop Ups

Pop-up ads: Good websites don’t host pop-up ads. If new windows containing ads happen, then that’s a bad sign.

Interactive ads: Ads that require you to do things like answer questions and surveys for third parties.

Redirecting ads: Many less reputable sites have banners with “Download” buttons that look like they should download the thing you want to download, but end up redirecting you to some other sneakily advertised software. If a site’s doing this, or is unclear about what you’re downloading from it, then you should take your browsing elsewhere.

Do Trust Seals Mean Anything?

A trust seal is usually represented by a badge in one of the corners of a web page, which you can then click to link through to the seal provider’s website. There are numerous providers of these seals, like VeriSign, PayPal Verified, TrustE and more.


The thing is, it’s easy for any scam website to just copy-and-paste the images for these seals and plaster them onto their website. They’d be breaking the law under Fair Use, of course, but they’re scammers anyway. Why should they care? Unless the seal links through to the actual site, which it rarely does, you just can’t be sure.

Also be wary of things like “Microsoft Certified” or Norton or McAfee-secured. Microsoft Certified is basically meaningless, while the latter can be used on any website that doesn’t contain an actual virus. It doesn’t mean that that site won’t run off with your card details if you hand them over.

A seal like the ones you see above may or may not mean something, and you shouldn’t take them at face value but click through and research the seal providers.

Does the Website Use HTTPS?

HTTPS is compulsory for any website, whether is is an e-commerce site or a simple blog. HTTPS prevents man in the middle attacks, such as phishing attacks or spoofing, by encrypting traffic to and from the server.


On websites that use HTTPS, the browser will display a green padlock in the address bar. On some websites, you may see the company name also indicated along with the green padlock. This is a stronger signal than just the green padlock for judging website security, because it helps you trust that the entity behind the website is legit.


Right now, browsers show a “Not Secure” warning on HTTP webpages that contain forms, such as login forms. Refrain from entering your information on such webpages as that provides an easy way for third party hacker to sniff and steal your passwords or credit card information.

Firefox shows an insecure warning on forms that are loaded over HTTP

In the near future, browsers will show the notice by default for all webpages loaded over HTTP, regardless of whether they collect sensitive information or not.

Screenshiot of the "Not Secure" notice in Chrome

Note: The presence of the green padlock does not indicate that a website will not use your data for malicious purposes. It just means that the information that is loaded on the webpage or submitted to the server will not be intercepted, stolen or modified by a third party. Phishing websites can also implement HTTPS to appear to be legitimate.

If you are a site owner or administrator, Let’s Encrypt and Cloudflare provide a quick, easy and free way to implement HTTPS on your website.

Lookout for a privacy policy

A good website will have a privacy policy that explains how it will use the data that it collects from its users. This will usually include information on how they keep your data, if they share your data with third parties and how you can request the deletion of your data. Make sure to read this document before submitting any personal data or making a purchase.

Locate the website’s return policy

If you’re shopping online, make sure the website you’re buying from has a return policy. If you’re not satisfied with your purchase, you can easily return it and get a full refund.

Make sure the entity behind the website is real

Look for social signals that the individual or company behind a website is real. A physical address and phone number provides some social proof. If this information is not on the website, try performing a whois lookup here to find out who owns the domain, where and when the site was registered, contact information, and more.

Pay attention to browser warnings

Screenshot of insecure website notice in Firefox

When a website has been compromised, the browser will usually notify you and advise that you do not continue on to the site. It is important to exit unsafe websites immediately to protect your data from being stolen.

Run a website safety check

Screenshot of Virus Total

If you want to check if a specific website is safe, some website safety checkers, such as VirusTotal, exist to help you do just that. All you need to do is write out the URL of the site in the input field provided and hit Enter.

Wrap Up

There is no guarantee that a website that has all the signals above will not steal your data, but having these signals is a good sign that the website has legitimate origins and that its contents has not been compromised by a third party.


  1. Black padlock, green padlock, as long as there’s a padlock, the server is secure!

    if the site’s domain begins with ‘www’ that’s fine. Make sure ‘https://‘ is next to the ‘www’ for secure SSL encryption.

  2. I meant to click “yes this was helpful” instead of no 😭 this was very helpful, and I’m gonna use virustotal from now on

  3. Thank you very much for this article.
    My only concern as a novice technologically, from a quick read on my phone just now, is that sometimes I will use a computer at a community center and get an unsafe warning regarding my local library’s website – which is located a 5 minute walk away! Or I may be at that library and get an unsafe warning from my very favorite Pacifica Public Non-Corporate Radio which I listen to each and every day! I guess when using public computers, in purportedly liberal California, those organizations can have their own built-in biases, therefore we’d have to adjust for that.
    Furthermore, what pops up on the computers, when we hover over the tiny monitor in the right corner of the screen is this message:
    “”Currently connected to:
    Internet Access
    Open Network and Sharing Center””
    Despite CA’s extensive “privacy” laws.

Comments are closed.