How to check if a website is safe: 6 quick tips

Tips & tricks
4 mins
Questioning a website's safety

Before you input your address and credit card information into a website, you probably pause to think: Can I trust this site?

Or what about just clicking into a link on a page? Could this lead to a malware download? Or will the site be able to know who you are and where you’re located?

Usually we’re more trusting of big-name sites (although Big Tech comes with its own data-collection problems). Here are a few simple ways you can be confident that a site is safe to use and not out to scam you.

1. Check if the URL starts with ‘https’ or ‘http’

When you’re visiting a website, check whether its domain name starts with “https”—which indicates it’s SSL-certified and keeps your data encrypted from the moment it enters a web browser to reaching its server. If the website has an SSL, there should also be a padlock icon you can see in the address bar.

When you use an https website, your internet service provider and other third parties might be able to see which sites you’re visiting, but they can’t see what you’re doing on those sites or any information you enter into the site. Meanwhile, http websites, which do not have an SSL certificate, leave your personal data exposed.

A majority of legitimate, modern websites are https. It’s easy and affordable to get an SSL when the website is being set up. Most browsers also alert you when you’re visiting an unsecured site. But it doesn’t hurt to check the URL and decide whether to proceed if you’re warned that the website isn’t secure.

But just because the website you’re visiting is SSL-certified doesn’t mean your online activity is safe. A website with SSL will encrypt the information that enters it—but it can’t hide your IP address and online activity like a VPN.

Read more: Why HTTPS vs. VPN makes no sense

2. Judge if a website looks old

In the case of websites, do judge it by its appearance.

We should think twice when visiting a website with a theme that isn’t modern-looking, as it can say a lot about its security, not just its brand or style. Old-looking website themes mean the code is not regularly updated and might include security vulnerabilities, bugs that make the site difficult to use, and compatibility errors that might prevent you from using it at all.

3. Be wary if payment options are limited

On e-commerce sites, it’s a red flag if the payment options are obscure.

Legitimate websites usually offer Visa and Mastercard as payment methods, as well as other popular payment gateways like PayPal and Stripe, which encrypt your transactions. Be on guard if it only offers options like wire payment, bank transfers, or cryptocurrency.

Read more: Safety tips for online and in-store shopping

4. Look for a privacy policy

A privacy policy communicates how your data is collected, used, stored, shared, and protected. It’s legally required by many regions, such as the EU, Australia, and Canada. It’s always a good idea to look for and read over the privacy policy when you’re visiting a website—especially one that requires you to enter your information.

Realistically, most people do not read privacy policies. But at the very least, look out for its accessibility and location. A trustworthy website should have one that’s located in the footer or where it requests your personal information—but not buried deep within the site. It should still have a privacy policy if it won’t collect any of your personal data and states so clearly.

Read more: WhatsApp’s new privacy policy explained (2021)

5. Be skeptical of pop-up overload

It’s not at all weird for a website to show you pop-ups that ask for your attention to join their newsletter or grab their offers. But if a website shows you a lot of pop-ups, it could be “malvertising”—advertising that directs you to malware.

Clicking on them could direct you to a website that looks legitimate but will trick you into surrendering your personal information—a form of phishing. It could also download spyware, viruses, or other types of malware on your device.

If you happen to visit a website that blows up with pop-ups, best to close the website. Even if it’s not malicious, you don’t need that kind of annoyance in your life. Take your business elsewhere.

6. Use Google’s website safety checker

Google’s Safe Browsing service lets you check if it has identified a website as being unsafe. It does so by checking URLs against its regularly updated lists of unsafe web resources. You can simply paste the URL of the website into the search bar and hit “Enter”—and it’ll report back any unsafe content found. Often, an “unsafe” site is a legitimate one that has been compromised in some way.

What turns you off a website? Let us know in the comments!