Secure sites: Are you secure?

Post your tutorials for using Pale Moon or performing related tasks here.
Note: Not for "how do I...?" Questions!

Moderator: satrow

Forum rules
Tutorials and Howtos should only relate to Pale Moon, and not to third party applications. e.g.: Don't post a Howto for configuring your firewall.
If you have a question how to do something, you should use one of the support boards, not this board. It is meant for people to document and post instructions.
User avatar
Pale Moon guru
Pale Moon guru
Posts: 25418
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Secure sites: Are you secure?

Post by Moonchild » 2013-02-17, 23:20

Pale Moon displays secure sites slightly differently than other browsers, so here is a short explanation about the different statuses you may see, and what exactly they mean:
  1. Normal site:
    normalsite.png (2.15 KiB) Viewed 8918 times
    The connection to the site is not encrypted, and anything you post to or get from the website is transferred normally. This is the normal state for most web pages you will visit, and is normal for regular browsing.
  2. Secure site:
    https.png (3.99 KiB) Viewed 8918 times
    The connection to the site is encrypted, and anything you post to or get from the website is securely transferred to prevent eavesdropping. This is a common state for on-line shopping, most e-mail providers who supply webmail, and a number systems for securely logging in, etc.
    Unlike Firefox, Pale Moon will display the verified domain name for these types of connections.
  3. Secure site with extended validation:
    https-ev.png (4.33 KiB) Viewed 8918 times
    The connection is encrypted like in (2), but the certificate owner has also been verified through an extended validation process. This is a common state for higher-security sites like on-line banking, eMoney providers, and secure governmental sites dealing with highly personal information. Pale moon will display the verified organization name. Because these kinds of certificates are much more expensive, most smaller businesses will not use extended validation for their encrypted pages and you will see a "domain verified" encrypted connection instead (as in (2)).
  4. Low-grade encrypted, or mixed-content site:
    https-broken.png (4.24 KiB) Viewed 8918 times
    Although the protocol used is https, the connection is not trusted. This can be caused by a particularly low-grade encryption used (which takes very little effort or time to circumvent) or by mixed secure and non-secure content on a single page. The latter can be a common occurrence if you have pages restored after a browser shutdown (e.g. through session restore or if you use "show my windows and tabs from last time"). Pale Moon will, in this case, also not display the domain name or validated organization name, and will not show a blue or green border or identity panel background.
    Be very careful when you see this icon!
    Do not enter any login, financial or personal information when you see this icon displayed. If it was a cached page, completely refresh the page (Ctrl+F5) and check for proper encryption.
At all times, you can click the displayed website icon or domain name/organization name for basic details about the encrypted state, or you can click the padlock itself to open a more detailed window with information about your connection.
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne