Tips for making secure online transactions in Internet Explorer 9

A secure online transaction is an encrypted exchange of information between a website and Windows Internet Explorer 9.

To help ensure that an online transaction is secure, look for the following:

  • The web address starts with the prefix HTTPS. The "S" is important because it means that an encryption protocol called Secure Sockets Layer (SSL) is being used to connect to a web server. The prefix HTTP (without the "S") means that encryption isn't being used, and the transaction is less secure.

    If you receive a message in the Notification bar telling you that some content isn't secure, then the webpage is displaying content using both HTTPS and HTTP web server connections. HTTP (without the "S") transactions might not be secure. For more information, see the “Only secure content is displayed” notification in Internet Explorer 9.

  • A lock icon appears on the right side of the Address bar. Click the lock icon to view the certificate used to encrypt the webpage. The certificate identifies the certification authority that issued it, the dates that it's valid, and the server you're communicating with. If something looks wrong in the information, contact the issuer to confirm the certificate's validity.

  • If the website has a certificate, the color in the Address bar shows the certificate's validation level.

    The following table describes what the colors in the Address bar mean.

    What it means


    The certificate is out of date, invalid, or has an error. For more information, see Certificate errors: frequently asked questions.


    The authenticity of the certificate or certification authority that issued it can't be verified. This might indicate a problem with the certification authority's website.


    The certificate has normal validation. This means that communication with the website is encrypted.


    The certificate uses extended validation. This means that communication between your browser and website is encrypted and that the certification authority has confirmed the website is owned or operated by a business that is legally organized under the jurisdiction shown in the certificate and on the Security Status bar.


  • An encrypted connection doesn't guarantee that the website is trustworthy. Your privacy can still be compromised by the way the website uses or distributes your information.