What does a padlock icon mean in the browser?

The padlock means your connection to the site is encrypted via HTTPS. It does not guarantee the site operator is trustworthy. Scammers can also have padlocks. Always verify the domain name is correct.

Is This Website Safe? 5 Ways to Check Any Site Before You Click

Q: How can I check if a website is safe to buy from?

Check for HTTPS (padlock icon), verify the domain matches the brand exactly, look for secure payment options (credit card, PayPal), and search for reviews of the site. Run a security scan with DomainOptic to check for blacklists and SSL issues.

Q: Is HTTPS enough to prove a site is safe?

No. HTTPS means the connection is encrypted, but scammers can get SSL certificates too. You also need to verify the domain is legitimate (not a lookalike like amaz0n.com) and check for other trust signals.

Q: How do I know if a site has malware?

Run a security scan using tools like VirusTotal or DomainOptic. Watch for browser warnings. Be wary of sites asking you to download unexpected files or with many pop-ups.

Published December 21, 2025 · 8 min read

Is This Website Safe? How to Tell in 30 Seconds

Last month my dad almost got scammed. He clicked a link in an email that looked like it came from his bank. The site was perfect - same logo, same colors, same layout. But the URL was "chase-secure-login.com" instead of chase.com. He caught it at the last second.

Most people aren't that lucky. So here's what I check before trusting any website.

The 30-Second Check

Before you do anything else, look at the address bar:

Does it start with https:// and show a padlock?

Is the domain spelled exactly right? (amazon.com, not amaz0n.com)

Is your browser showing any warnings?

That catches maybe 80% of sketchy sites. But if you want to be thorough, keep reading.

Check 1: The Padlock and HTTPS

Click the padlock icon in your browser. It'll show you certificate details - who issued it, when it expires, what domain it covers.

Here's the thing though: having HTTPS doesn't mean a site is legit. Any scammer can get a free SSL certificate from Let's Encrypt in about 5 minutes. I know because we use Let's Encrypt ourselves - it's great technology, but it means the padlock alone proves nothing about trustworthiness.

What the padlock DOES mean: your connection is encrypted. Nobody can intercept what you type. But you might be sending your password directly to a scammer over an encrypted connection. So don't stop at the padlock.

Check 2: Look at the Domain Carefully

Phishing sites bank on you not looking closely. Here's what I've seen in the wild:

Fake Domain	Real Domain
amaz0n.com	amazon.com
paypa1.com	paypal.com
g00gle.com	google.com
netflix-login.com	netflix.com
apple.com-verify.xyz	apple.com

That last one is sneaky. "apple.com" appears in the URL, but the actual domain is "com-verify.xyz". The real domain is always right before the first single slash.

Watch out for:

Letter substitutions (0 for O, 1 for l, rn for m)
Extra words like "login", "secure", "verify", "account"
Weird TLDs (.xyz, .top, .click, .buzz) - legitimate companies rarely use these
Subdomains that look official (secure.paypal.com.scammer.xyz)

Check 3: Run a Security Scan

When I'm genuinely unsure about a site, I run it through a scanner. Takes 10 seconds.

Our Security Audit tool checks SSL certificates, DNS configuration, security headers, and whether the domain is on any blacklists. It'll also flag if there's exposed API keys in the JavaScript - which honestly tells you a lot about how seriously the site takes security.

You can also paste URLs into VirusTotal - they check against 70+ security vendors. If multiple vendors flag it, stay away.

Check 4: Red Flags on the Page Itself

Some things just feel off. Trust that instinct. But also look for:

Good signs:

Real contact info (phone number, physical address, email that matches the domain)
Privacy policy and terms pages that actually say something
Professional design - not perfect, but consistent
About page with real people or company info
Multiple payment options including credit cards

Bad signs:

Prices that are way too good. A $1,200 laptop for $199? Come on.
Countdown timers and "Only 2 left!" on everything
Grammar that's just slightly off - like it was machine translated
No way to contact them except a form
Only accepts wire transfer, gift cards, or crypto

Check 5: Domain Age Matters

Most scam sites are new. They pop up, steal what they can, and disappear. So a domain registered last week selling designer bags at 90% off? That's a no from me.

You can check domain age with WHOIS lookup. Our tool shows this, or just google "[domain] whois". If it was registered in the last few months, be extra careful - especially for e-commerce.

That said, new legitimate businesses exist too. Look for other trust signals if the domain is young.

Before You Enter Any Personal Info

Real talk: I type bank URLs manually every single time. Never click links in emails for anything financial.

And before entering a password or credit card anywhere:

Double-check that URL letter by letter

Make sure there's no browser warnings

Ask yourself how you got here - did you click a link from a sketchy email?

If the answer to #3 is yes, close the tab and navigate there yourself.

Frequently Asked Questions

How can I check if a website is safe to buy from?

Check HTTPS, verify the exact domain name, look for real contact information, search for reviews outside the site itself, and stick to credit cards so you can dispute charges if needed.

Is HTTPS enough to prove a site is safe?

No. HTTPS just means the connection is encrypted. Scammers get SSL certificates all the time - it's free and takes minutes. You need to verify the domain itself is legitimate.

What does the padlock icon actually mean?

It means your data is encrypted in transit. Nobody can intercept it between your browser and the server. It does NOT mean the server operator is trustworthy.

How do I know if a site has malware?

Run it through VirusTotal or our Security Audit. Also trust your browser - if Chrome or Firefox shows a red warning page, don't ignore it. And never download files you weren't expecting.

Check any website now Run a security audit