What Does the Padlock in My Browser’s Address Bar Mean?

Security Padlock Feature

Sometimes that little padlock in your browser’s address bar changes color, gets an extra symbol layered on top of it, or turns into text. Its basic function is pretty obvious: a normal padlock means the site is safe, while a warning symbol or message means it’s not safe, right? Actually, it’s a bit more complex than that, since the padlock only shows you whether your connection to the site is encrypted with HTTPS and doesn’t provide much insight at all into whether the site itself is legitimate and/or completely secure.

What the “secure” padlock tells you

Security Padlock Ssl Figure

Chrome/Chromium(Security Padlock Chrome Icon), Firefox(Security Padlock Firefox Icon), Edge(Security Padlock Edge Icon), and Safari(Security Padlock Safari) all have slightly different versions of the “safe” padlock, but they’re all telling you basically the same thing: this site has received an SSL certificate and is encrypting the data it sends you and the data you send back using HTTPS. That means anyone intercepting your traffic won’t be able to see what you’re doing on the site, which is especially important when you’re doing things like entering credit card numbers or personally identifiable information.

In a word, a normal padlock icon lets you know that you’re safely connected to the correct site.

What the “secure” padlock doesn’t tell you

For those of you not up to speed on SSL certificates, they’re digital proofs that the site you’re visiting was registered with a certificate authority by the person or company that owns the site. These entities can opt to pay for a more expensive certificate (an “Extended Validation” or “EV” certificate) that checks to make sure they really are who they say they are (e.g., Amazon.com is owned by the Amazon.com corporation), but pretty much anyone can get their hands on a normal SSL certificate for free without proving anything beyond their ownership of the site.

Security Padlock Sketchy Website

So while your connection to the site is safe from prying eyes, the site could easily be run by someone sketchy who will take all your safely-transmitted data and do whatever they want with it. Even if the website is being honestly run, though, an encrypted connection means nothing if one of the parties receiving the data is compromised. HTTPS only covers data while it’s being transmitted, so if it gets to the other end and gets stored on a server with poor security or some other fatal flaw, it’s vulnerable.

Bottom line: the padlock means you’re on a safe connection, not a safe website.

All those other padlock symbols

While pretty much every browser uses some form of a closed gray padlock to denote an encrypted connection, different browsers show you different icons depending on what issues they detect on the site you’re visiting. Here are a few you should know:

Chrome

The “Not Secure” (Security Padlock Chrome Not Secure) message replaces the padlock when you’re on an HTTP page or something else is amiss. You can click on the message for more details. If you start typing on an HTTP page, it’ll turn red to emphasize that the data you’re entering might not be transmitted securely.

Firefox

Firefox’s “Not Secure” message comes in the form of two different symbols: a yellow triangular warning symbol displayed over the padlock (Security Padlock Icon Yellow Triange) and a red bar crossing out the padlock (Security Padlock Firefox Red Bar). These both mean that the site is insecure, but in slightly different ways:

  • The yellow triangle (Security Padlock Icon Yellow Triange) can mean two things: either the website is partially encrypted (meaning it uses HTTPS but some of the content is coming from an HTTP connection and could be manipulated), or the certificate authority isn’t trusted (meaning the site is using encryption, but its certificate seems shady).
  • The red bar (Security Padlock Firefox Red Bar) means the site is being delivered over an insecure connection (like HTTP), and you shouldn’t send any sensitive information.

If you’d like to dig into exactly what the warning is telling you, Firefox provides a detailed breakdown if you click the padlock.

Edge

Security Padlock Edge Address Bar

While this may change once Edge goes Chromium, Edge’s current system is to display the outline of a padlock (Security Padlock Edge Icon) when the connection is secured, a filled green padlock (Security Padlock Edge Green) when the site is using an extended validation certificate, and an “i” (Security Padlock Edge Not Secure) when the connection has some sort of problem, such as with an HTTP connection or mixed HTTP and HTTPS content.

Safari

Safari’s padlock icon (Security Padlock Safari) like Edge’s, will turn green (Security Padlock Safari Green) if there’s an extended validation certificate. If the connection is not encrypted, you’ll see a “Not Secure” message instead.

The changing faces of the padlock

For quite a long time, most browsers made the padlock a pleasant green color as an indication that the site you were visiting was standing out from the rest by following good security practices. Now, however, HTTPS has basically become the standard, with over fifty percent of the top million sites using it, and the lock has gone gray to indicate that sites that use it aren’t really that special – they’re just upholding the standard.

In the future, Chrome may actually remove the padlock altogether and only notify users when the site is insecure, as a good webpage should be using HTTPS anyway. Even if your page doesn’t process any sensitive information, Google’s search algorithm rewards sites that use encryption, so it’s in every site owner’s best interest to set up an SSL certificate. It might not be a user’s first instinct to check for a padlock, but if they ever see something odd or a warning message in the address bar, they’ll probably think twice before entering any information.

Image credits: SSL (Simple)

Andrew Braun Andrew Braun

Andrew Braun is a lifelong tech enthusiast with a wide range of interests, including travel, economics, math, data analysis, fitness, and more. He is an advocate of cryptocurrencies and other decentralized technologies, and hopes to see new generations of innovation continue to outdo each other.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.