Protect yourself from unsafe sites

Download Norton 360 Deluxe to stay safer when browsing and shopping online.

Get it now

Protect against unsafe sites

Install Norton 360 Deluxe to stay safer when browsing and shopping online.

Get it now

How to check if a website is safe: an 11-step guide

A person in a yellow shirt using a laptop computer to learn how to check if a website is safe.

Because there are so many scams out there, it can seem difficult to know how to check if a website is safe. Learn cybersecurity best practices and our 11 tips to stay safer online, including using strong online protection like Norton 360 Deluxe to help block online threats and prevent you from visiting fake websites.

1. Know what happens if you visit an unsafe website

The first step to avoiding fake websites is to know what you'll see if you ever inadvertently land on an unsafe site. Most modern browsers are designed to make navigating the internet easier and safer. If you visit a site with known safety issues, the browser will usually inform you by presenting a fullscreen warning about the dangers of continuing to that page.

These warnings might say that your connection is not private or that you’re heading toward a deceptive site. If you see one of these warnings, close the window or click “back to safety” to avoid a potentially unsafe site. If you know that a site is safe, click on “Advanced” to proceed.

If you visit an unsafe site, you could end up dealing with several issues, including:

Image of a browser warning that says a user’s connection is not private.

2. Look for an SSL certificate

An SSL (Secure Sockets Layer) is a digital certificate that certifies that a website is legitimate and that it offers encryption to protect personal information and financial data. In order for a site to have an SSL, they have to prove to the issuer of the certificate that they are who they claim to be.

Checking to see if a website has an SSL is simple: look at the address bar when you visit a site. You should see:

  • “https://” at the beginning of the URL. The “s” at the end of the http means “secure.”
  • A lock icon on the far left side of the address bar. This lock signifies a secure connection between you and the site. Click on the lock for more details about the website’s security.

If a site doesn’t have an SSL, it doesn’t necessarily mean it is unsafe. It could mean that it’s OK to browse that site, but it may not be safe to share any personal information.

Image showing the SSL certificate and other safety information when using a web browser.

3. Use a website checker

If your browser didn’t provide you with a warning about a site, but you still don’t feel great about sharing your information or making a purchase, you can double-check it using a site checker. A website safety checker like Google’s Safe Browsing site status page will let you know if a website is unsafe or if a previously trustworthy site has been compromised or has unsafe elements.

If you drop an address into a URL checker and it shows that a site might not be secure, close the window and don’t visit it again until another check shows that it’s not dangerous.

4. Find the site’s privacy policy

Have you ever navigated to a site that boasted about its security but you weren’t sure exactly what that meant? There’s an easy method for finding out if this website is legit and learning exactly what a site is doing to protect you and your data: read its privacy policy.

Most websites have privacy policies due to legal requirements, but it’s also the fastest way to learn about what information a site can collect from you and how they use it. You can usually find the privacy policy linked in the footer at the bottom of the website or via a site search.

When you are reading a privacy policy, look for:

  • Clear language spelling out what information it collects from users and how it is collected
  • An overview of how the site protects your information
  • Language that defines who can access the information the site collects
  • Options for reviewing the information a site has collected
  • Options for opting out of data collection
  • Language that defines how long the site will hold onto your information
  • Contact information to see if the site is transparent about how to reach them

If a site doesn’t have a privacy policy, it may mean that they don’t collect any data, or it could mean that they don’t want to let you know what information they are collecting.

5. Make sure the site is real

Hackers have several ways to try to steal your information using fake websites. Spoofing is when a scammer builds a site that looks almost identical to a real site in order to capture your logins and passwords.

Typosquatting is when someone buys a domain similar to a well-known site (, for example) in the hope that someone will accidentally mistype the URL and end up on this fake site where they may be exposed to malware.

If you receive a link from someone you don’t know or a site you regularly visit is functioning differently than normal, check the URL to ensure you’re on the right site. If you’ve stumbled onto one of these false domains, close the window and clear your history and browsing data to keep you from ending up there again. Report the suspicious website if you believe it is running a scam.

Illustrated chart showing two kinds of fake sites with tips for avoiding them.

6. Read reviews of the site

If you’re checking out a new site and aren’t sure how to tell if a website is secure or if it’s safe to buy from it, reading reviews of the site can show you what other people think. Go to your favorite search engine, type in the site name, and add “reviews” at the end of your query.

When looking at reviews, pay close attention to:

  • Consistently bad reviews
  • Allegations of unsafe practices
  • Instances of fraud
  • Mentions of poor customer service
  • Too many overly positive reviews that sound the same (this could indicate that the reviews aren’t real)  

Reviews provide a pretty good picture of whether or not a website is safe, because people don’t like being scammed or having their information shared without permission.

7. Search for contact information

Contact information on its own isn’t a guarantee that a site is safe, but it is a signal that there is a person or a team of people who are ready to assist you if you have questions.

If a site feels a little sketchy, or if you want to make a purchase but don’t want to trust your financial information to a company you don’t know, reach out using the contact information. They may have other ways for you to make a purchase that you feel more comfortable with.

If a site doesn’t have obvious contact information, it might be an oversight (especially if it’s a newer site), or it could mean that whoever owns the domain doesn’t want people contacting them because of potentially shady practices.

Illustrated chart with 5 signs that a site is trustworthy and safe.

8. Keep an eye out for spelling errors and design problems

Sites that are riddled with design issues and spelling and grammatical errors could be a sign that a site isn’t safe. Pharming attacks and spoofed sites are designed to trick you into providing your personal and financial information to what appears to be a site you already know and trust. However, scammers will often make mistakes when it comes to the text and functionality of these sites.

If you find that the elements on a page you’ve used before look different, or there are misspelled words or odd turns of phrase, it could mean you’re on an unsafe site. Close the browser window, clear your history, cookies, and caches, then try going back to the site. If it looks normal, that likely means you were on a scam site.

9. There are too many pop-ups

Everyone has their definition of how many pop-ups are too many, but if a site has so many pop-ups that you can’t actually navigate it, that means there are too many. If there are multiple pop-ups and none are related to the site you tried to visit, that’s another sign that you may be on an unsafe website.

Pop-ups to avoid:

  • Any that ask for financial information
  • Cybersecurity warnings — this is called scareware, and it could mean that you end up downloading malware instead of protecting yourself from it
  • Those advertising unrelated products or services

Installing a pop-up blocker for your phone and computer can help suppress a lot of these dialog boxes before they ever become a problem.

Illustrated chart with tips on how to tell if a pop-up is safe or not.

10. Find out who owns the site

Before you spend money at an online store, you can verify who owns the site by running a Whois search. This search will tell you who owns a website so you can make a more informed decision about where you want to spend your money. If a site is owned by someone other than the purported owner (or you can’t find a way to contact them), you’re probably better off taking your business to a more reputable company.

11. Use web security tools

Using web security tools like Norton 360 Deluxe can help block hackers and protect against fake sites, helping to prevent your data from falling into the wrong hands. And with a built-in VPN and parental controls, safer browsing is available for you and your family. Not only can these security tools protect your financial and personal information, but they also help protect your devices from debilitating malware.

FAQs about how to know if a website is safe

Still have questions about how to check if a website is safe to buy from or visit? We’ve got you covered.

How do scam websites work?

There are several kinds of scam websites, and they each function differently. Phishing sites are designed to get you to reveal personal information about yourself that can help hackers and scammers get into your accounts. Hackers build spoof sites to look like sites you already know and trust in order to steal your account information and passwords directly.

How can I check if a link is safe?

If you’re using a computer, you can hover over the link with your cursor. If it shows a different domain than what you expected, it may be unsafe. You can copy it and check it out with a URL safety check site. If a link doesn’t look safe (or you just aren’t sure), it’s best to not click it. Instead, go directly to the site by typing the URL into your browser to avoid exposing your information to scammers.

Does clearing my cache get rid of viruses?

It depends. Some viruses and malware may be designed to hang out in your cache, and clearing it could delete them. However, it won’t help if the malware was already deployed.

How do I know if a link is phishing?

If the message or site has grammatical and spelling errors and poor design functionality, it might be a sign that it’s trying to phish you. If the site asks for information that could be used to identify you or reveal your passwords or other sensitive information, it could be a phishing link. If a link came from an unknown sender or it looks suspicious, it’s best not to click on it.

Ellie Farrier
  • Ellie Farrier
  • Cybersecurity writer
Ellie Farrier is a Prague-based cybersecurity writer interested in how technology and society overlap, especially the impacts of device security. Previously, she worked as a technical writer, diving into product troubleshooting, how-to guides, and tech usability.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.