How to know if a website is safe: 10 steps to verify secure sites


Review the ultimate guide on how to know if a website is safe this holiday season and beyond with tips and 10 steps for how to check if a website is secure.

As the holiday season approaches, millions of gift-givers will be turning to their favorite online retailers to find the perfect presents for their loved ones. Recent predictions forecast Cyber Monday e-commerce sales alone reaching over $11 billion this year. That’s why learning how to know if a website is safe is more important than ever. 

Cybercriminals scouring the internet for users with unprotected devices look forward to this time of year. With techniques such as phishing scamsmalware, and botnets, attackers can force their way into your databases to get ahold of your most sensitive information. Not so merry and bright, right?

Here is a breakdown of 10 steps for how to know if a website is safe to visit while shopping online, along with ways to protect your technology.

1. Check the SSL certificate

Signs of trustworthy sites

Many people using the internet today are probably familiar with the term HTTPS but might be unsure of its meaning and difference from HTTP.

If you only see HTTP within a URL, you should know that the website is not encrypted, meaning your activity could be visible to online predators. Essentially, HTTPS is a security feature provided by an SSL certificate, which is the part of a URL that encrypts a website. This adds a layer of defense against malicious cybercriminals and protects the site's information as it travels from server to server.

2. Double-check the domain

Cautious web surfers should always double-check the URL of the site they want to enter. If you receive an email from a bank or online retailer, search their name in a browser like Google to connect with their verified domain.  

Oftentimes, a cybercriminal will create a malicious website and URL that mimics another high-traffic website to trick users into logging in or making a purchase. This could grant the attacker access to private credentials and billing information that they can then use for credential stuffing. They could also decide to sell your info on the dark web to make a profit.

3. Search for a privacy policy 

The privacy policy outlines for users how the trusted website’s company collects, uses, and protects their data. You’ll find that most secure sites have one, since countries such as the U.S., Canada, and Australia sometimes require them by law. 

Take a second to review the site’s privacy policy before handing over your personal information. This will help you understand exactly who sees your data in addition to how and where they store it. 

Secure sites that take the time to create this policy demonstrate their care about their customers’ privacy, along with having a secure site that is safe to browse.

4. Analyze the website design 

Cybercriminals often throw together unsecure websites in a short amount of time, ignoring attractive design elements that more popular pages incorporate. Spelling errors and grammar mistakes will likely appear throughout the site as well.

If you come across a website that doesn’t seem to match the intended company’s branding or appears significantly different from what you’re used to seeing, either exit the page or think hard before entering any of your information.

5. Verify ownership  

Verifying the owner of a website is great for those learning how to check if a website is secure and it's actually much simpler than many might expect. With the help of Whois Lookup, you can find the name of the registered individual or legal entity that owns the website you’re trying to visit. 

If no contact information is present, consider that a potential sign of concern. Think about shopping with another trustworthy retailer or do some more digging until you can locate a person you can directly contact.   

6. Find contact information 

For some, the presence of contact information can make them feel more comfortable with the website they’re on. Recent studies have shown that 44% of website visitors will leave a website if there is no contact information provided. Though this information won’t protect you from dangerous websites, it shows you there is someone to reach out to if you run into security concerns. 

7. Identify (and question) trust seals 

Website security symbols decoded

One of the best indicators for those trying to learn how to know if a website is safe is a trust seal. Trust seals are icons with the words “Secure” or “Verified” located beside a URL at the top of the webpage. These can be indicators that the site uses HTTPS security and can also demonstrate the use of other security features like periodic malware scans

It’s not enough, however, to just see a trust seal. Nowadays, attackers have found ways to mimic legitimate seals to trick users. Luckily, confirming authentic trust seals is pretty simple — just click on the badge to see if it takes you to a verification page. This confirms that the site is working with a security partner in charge of protecting the data shared and stored on the trusted website.

8. Look for reviews  

If you’re interested in buying from a company you’ve never dealt with before, it’s best to do a little research. Google the company’s name and look into other customer experiences. This form of social proof can help distinguish legitimate businesses from potential scams. Reddit and other social forums are also a good place to get insight regarding a company’s security best practices and treatment of customers.  

9. Consider cybersecurity tools

Sure, downloading antivirus software is great for people unsure of how to know if a website is safe or not. But the tools don’t stop there. You should know there are other security tools you can use to protect your systems against malicious software. 

VPN provides a secure and encrypted internet connection for users browsing online. With a VPN protecting your network, hackers will have major trouble using phishing and scareware to get their hands on your most sensitive information. If you’re wondering how to check if a website is safe before entering, there are also website safety checkers you can install that scan and flag suspicious URLs to help identify potentially dangerous websites.

10. Know the signs of unsecure websites

Signs of insecure sites

There are times when you’ll be able to instantly tell if you're on an unsecure website or not. From flashing warnings to suspicious pop-ups, these are a few things that could indicate the presence of malware on a site you’ve come across:

  • Search engine warnings: While using certain search engines, warning signs may pop up when attempting to enter a site viewed as potentially dangerous. Though these warnings are sometimes inaccurate, it’s best to select a different site instead.
  • Spam: Strange websites with flashing warning signs and exclamation marks are telltale signs of malware.
  • RedirectsBrowser hijackers can embed malware onto sites that will automatically redirect users to other unrelated and potentially harmful web pages. If you come across this kind of tactic, close all unwanted web pages immediately.
  • Pop-ups: If you click on a site that brings up tons of pop-ups, exit the browser immediately. This is a good indicator that the site could be infected with malvertising or adware

As the season of giving draws near, having tools you can use to learn how to know if a website is safe can make your holiday shopping experience even better. This list proves there are several ways to spot unsecure websites while you’re sifting through your gift ideas. Consider using them to better protect not only your holiday festivities but also your privacy and identity.  

2021 cybersafe online shopping guide


Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.

Clare Stouffer
  • Clare Stouffer
  • Gen employee
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.