Safari offers a high level of protection from malicious websites, but you should still use your best judgement when browsing online. This is not important for many websites, like a news source or weather forecast, but you should avoid entering sensitive personal information on these pages. If no indicator appears, this means the site is not using a secure connection.
A secure connection makes it almost impossible for someone to access your information. Always check for this icon when entering sensitive information, like your credit card number or birth date. The HTTPS indicator will appear if the site is using a secure connection.
If you do not yet support HTTPS, the first step is to get a TLS certificate and then install it on your webserver.Understanding this indicator can help you stay safe when entering personal information online. If your website already supports HTTPS it is possible that you are not properly enforcing certificate best practices. Instead, websites should offer HTTPS, which uses the SSL protocol to provide a secure connection. Major web browsers have been steadily working to discourage the use of HTTP by adding negative UI indicators, such as this one, and restricting functionality to HTTP pages. The only way to remove the “Not Secure” warning in Safari for your website is to make sure your visitors are connecting over HTTPS (this is a change the website owner/administrator has to make, so contact them if a site you regularly use is presenting this warning). Safari and other web browsers no longer want users connecting via HTTP because of the security risks and have been showing various warnings for a few years now. When you click on the padlock you can get additional information about OV and EV certificates to ensure the site you are visiting is from the company you intended. The validation standards are globally prescribed and audited.
Identity is presented in certificates for extra protection, when the Certificate Authority issuing the certificate follows Organizational Validation or Extended Validation (OV or EV). Server authentication ensures that you are not vulnerable to spoofing - a common type of internet attack that allows one computer to impersonate another (similar to someone putting on a fake uniform and impersonating a police officer). Encryption protects your data from being read by anyone but the website you are connecting to. Instead you want to use HTTPS - note the S at the end which indicates “Secure.” HTTPS includes a security protocol named TLS (for Transport Layer Security, more commonly referred to as SSL, or Secure Sockets Layer, the protocol’s predecessor), which adds the missing security features: encryption and server authentication.
For example, if you enter your password into an HTTP page it is then sent across your network and all the way to the webserver - which involves transmission through many different computers along the way to make it the many miles between your computers - all of which can see your password and potentially steal it. Any information you enter into an HTTP page is transmitted over the internet in plain text, which means there is no encryption or other protection of the data. You should not send any sensitive data to a page when you see this warning. Note that this is not an issue with your computer or iPhone/iPad, but with the specific website or webpage you are viewing. If you are a visitor to a website displaying this warning, you should be aware that HTTP lacks connection security - meaning the data you send and receive with that page is not protected and could be viewed by others or intercepted. This warning appears on macOS as of version 10.14.4 and iOS 12.2. If the page contains any form fields, the warning turns red once the user interacts with any of the fields (or turns red automatically if the field has autofocus, meaning it’s selected by default on page load). The “Not Secure” warning appears on all pages in Safari when connecting over HTTP. Last year, Google Chrome and Mozilla Firefox became the first major browsers to display the same warning. As of March 2019, Safari on macOS and iOS displays a warning reading “Not Secure” in the address bar for all HTTP connections.