phone icon

How to know if a website is safe: 10 steps to verify secure sites


Review the ultimate guide on how to know if a website is safe this holiday season and beyond with tips and 10 steps for how to check if a website is secure.

Cybercriminals scouring the internet for users with unprotected devices look forward to this time of year. With techniques such as phishing scams, malware, and botnets, attackers can force their way into your databases to get ahold of your most sensitive information. Not so merry and bright, right? That’s why learning how to know if a website is safe is more important than ever. 

Here is a breakdown of 10 steps for how to know if a website is safe to visit while shopping online, along with ways to protect your technology.

1. Check the SSL certificate

Signs of trustworthy sites

Many people using the internet today are probably familiar with the term HTTPS but might be unsure of its meaning and difference from HTTP.

If you only see HTTP within a URL, you should know that the website is not encrypted, meaning your activity could be visible to online predators. Essentially, HTTPS is a security feature provided by an SSL certificate, which is the part of a URL that encrypts a website. This adds a layer of defense against malicious cybercriminals and protects the site's information as it travels from server to server.

2. Double-check the domain

Cautious web surfers should always double-check the URL of the site they want to enter. If you receive an email from a bank or online retailer, search their name in a browser like Google to connect with their verified domain.  

Oftentimes, a cybercriminal will create a malicious website and URL that mimics another high-traffic website to trick users into logging in or making a purchase. This could grant the attacker access to private credentials and billing information that they can then use for credential stuffing. They could also decide to sell your info on the dark web to make a profit. With the latest version of Norton 360 we will notify you if any of your information is found on the dark web. 

3. Search for a privacy policy 

The privacy policy outlines for users how the trusted website’s company collects, uses, and protects their data. You’ll find that most secure sites have one, since countries such as the U.S., Canada, and Australia sometimes require them by law. 

Take a second to review the site’s privacy policy before handing over your personal information. This will help you understand exactly who sees your data in addition to how and where they store it. 

4. Analyze the website design 

Cybercriminals often throw together unsecure websites in a short amount of time, ignoring attractive design elements that more popular pages incorporate. Spelling errors and grammar mistakes will likely appear throughout the site as well.

If you come across a website that doesn’t seem to match the intended company’s branding or appears significantly different from what you’re used to seeing, either exit the page or think hard before entering any of your information.

5. Verify ownership  

Verifying the owner of a website is great for those learning how to check if a website is secure and it's actually much simpler than many might expect. With the help of Who is Lookup, you can find the name of the registered individual or legal entity that owns the website you’re trying to visit. 

If no contact information is present, consider that a potential sign of concern. Think about shopping with another trustworthy retailer or do some more digging until you can locate a person you can directly contact.  

6. Find contact information 

For some, the presence of contact information can make them feel more comfortable with the website they’re on. Recent studies have shown that 44% of website visitors will leave a website if there is no contact information provided. Though this information won’t protect you from dangerous websites, it shows you there is someone to reach out to if you run into security concerns. 

7. Identify (and question) trust seals 

Website security symbols decoded

One of the best indicators for those trying to learn how to know if a website is safe is a trust seal. Trust seals are icons with the words “Secure” or “Verified” located beside a URL at the top of the webpage. These can be indicators that the site uses HTTPS security and can also demonstrate the use of other security features like periodic malware scans. 

It’s not enough, however, to just see a trust seal. Nowadays, attackers have found ways to mimic legitimate seals to trick users. Luckily, confirming authentic trust seals is pretty simple — just click on the badge to see if it takes you to a verification page. This confirms that the site is working with a security partner in charge of protecting the data shared and stored on the trusted website.

8. Look for reviews  

If you’re interested in buying from a company you’ve never dealt with before, it’s best to do a little research. Google the company’s name and look into other customer experiences. This form of social proof can help distinguish legitimate businesses from potential scams. Reddit and other social forums are also a good place to get insight regarding a company’s security best practices and treatment of customers.  

9. Consider cybersecurity tools

In addition to installing Norton 360 to your mobile devices, there are other security tools you can use to protect your systems against malicious software. 

VPN provides a secure and encrypted internet connection for users browsing online. Norton 360 Secure VPN, included in your subscription can aid in protecting your network. Hackers will have major trouble using phishing and scareware to get their hands on your most sensitive information.

Use Norton Safe Search, also included in your Norton 360 plan, which helps protect your devices by marking unsafe search results when you search. You can also check if a website is safe before entering, by using Norton Safe Web to scan and flag suspicious URLs to help identify potentially dangerous websites.

10. Know the signs of unsecure websites 

Signs of trustworthy sites

There are times when you’ll be able to instantly tell if you're on an unsecure website or not. From flashing warnings to suspicious pop-ups, these are a few things that could indicate the presence of malware on a site you’ve come across:

  • Search engine warnings: While using certain search engines, warning signs may pop up when attempting to enter a site viewed as potentially dangerous. Though these warnings are sometimes inaccurate, it’s best to select a different site instead.
  • Spam: Strange websites with flashing warning signs and exclamation marks are telltale signs of malware.
  • Redirects: Browser hijackers can embed malware onto sites that will automatically redirect users to other unrelated and potentially harmful web pages. If you come across this kind of tactic, close all unwanted web pages immediately.
  • Pop-ups: If you click on a site that brings up tons of pop-ups, exit the browser immediately. This is a good indicator that the site could be infected with malvertising or adware.

As the season of giving draws near, having tools you can use to learn how to know if a website is safe can make your holiday shopping experience even better. This list proves there are several ways to spot unsecure websites while you’re sifting through your gift ideas. Consider using them to better protect not only your holiday festivities but also your privacy and identity.  

Keeping You Cyber Safe

Maximize the value of your Norton 360 subscription by installing protection on multiple devices, staying more private on public Wi-Fi with VPN, backing up your most important documents with secure PC Cloud Backup, and getting notified if we find your information for sale online with Dark Web Monitoring powered by LifeLock.

Don’t have one of our Norton 360 plans yet?
Click here to upgrade.

No one can prevent all cybercrime or identity theft. Not all products, services and features are available on all devices or operating systems. System requirement information on
§ Dark Web Monitoring in Norton 360 plans (without LifeLock) defaults to monitor your email address only. Log in to your account to enter more info for monitoring purposes. If you are a current LifeLock member, you can manage those settings in the LifeLock member portal.

Clare Stouffer
  • Clare Stouffer
  • Gen employee
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.