NIS2, Are you on scope?
Belgium's new cybersecurity law enters into force. Check it out now.
What is the Safeonweb Browser Extension?
For every website you visit, the Safeonweb Browser Extension shows you if the owner has been validated (Green) or not (Amber).
Websites without a validated owner (Amber) should be suited for reading only. To share personal and sensitive information you can expect the owner of the web site to be validated (Green). If a hacker puts malicious content on a website with a validated owner the validation status will change to Amber or Red directly after the first notification. Known malicious or insecure websites are marked as Red.
Image
Pay attention!
The Extension only reflects information regarding the identification of the website's owner, not on its content.
How does the Safeonweb Browser Extension work?
The Extension allocates a score to the websites you visit:
- Green (OK) - score of 4 out of 4: the website owner has an Extended Validation Certificate issued by a Certificate Authority or the site owner is registered on atwork.safeonweb.be (for belgian organisations only). Therefore:
- It should be OK to continue surfing on this website.
- It should be OK to share data on this website.
- Amber (!) - scores from 1 to 3 out of 4: the website owner has an Organisation Validation Certificate, or a Domain Validation Certificate issued by a Certificate Authority, and the website is not registered on atwork.safeonweb.be Therefore:
- It should be OK to continue surfing on this website.
- If any doubts, refrain from sharing data on this website.
- Red (X) - score of 0 out of 4: the website lacks basic security features or is known as malicious. The website owner has no Certificate and therefore has not been validated. Therefore:
- We advise against browsing this website and sharing any data.
This score is based on 3 variables;
- The Certificate Type Score, which reflects the validation level of the Certificate you have obtained for your Website. This score is computed as follows;
- 3/3 if you have obtain any type of Certificate and registered your website on the Safeonweb@Work portal or you have obtained an Extended Validation Certificate;
- 2/3 if you have obtained an Organisation Validation Certificate;
- 1/3 if you have obtained a Domain Validation Certificate; or,
- 0/3 if you have not obtained any type of Certificate for your website.
- The Certificate Authority score, is a score of 1 or 0 depending on whether the Certificate Authority that delivered your website's Certificate is a known actor on the market and referenced in the CCB's databases.
- The Domain Score; reflects whether your domain is registered as malicious, in which case your total score will be brought down to 0.
FAQ
-
How do I improve the score of the website of my own organisation?
If your organisation is registered in Belgium, the first step to improve the score of your organisation's website is to register your organisation and domain on Safeonweb@Work.
All organisations can improve their score by ensuring they purchase a higher certificate from a trusted Certificate Authority.
-
What if my organisation has multiple domains or sub-domains?
The scores of different domains are computed separately, thus make sure to register all your domains on Safeonweb@Work (for organisations registered in Belgium) and/or to have Certificates from trusted CAs for all of them (for all organisations).
Subdomains scores are seperate. However, this depends on the SSL Certificate which can either be associated to one domain (single-domain certificate) or a domain and its subdomains (wild-card and multiple-domain certificate).
Non-public domains (e.g., intranet) are not assessed by the Extension.
-
I have not yet registered my website in Safeonweb@work, why does the Extension say it already is?
To ensure a smooth user experience, the CCB already preloaded some known trustworthy domains in Safeonweb@work. Please make sure to register your domain to validate this preload as soon as possible.
-
I work for a Web Development Agency, can I register the website of my clients on Safeonweb?
Yes, but avoid registering the website in the name of your own organisation. Instead, ask your clients to delegate the permission to you via My Egov Role Management.
-
Does the Extension scan my website?
No, the Extension only checks whether the domain is registered on Safeonweb@Work, your domains Certificate and Certificate Authority.
-
Is the Extension available on all browsers?
The Extension is currently available on all Chromium Web Browsers via the Chrome Web Store. This includes Google Chrome, Microsoft Edge, Opera, Vivaldi, Brave, etc. Future developments will be made to include additional browsers.
-
Is the Extension available on mobile?
No, the Extension is not currently available on any browser on mobile devices.
-
Do I have to pay to register my website on Safeonweb or the use the Extension?
No, the Safeonweb services are completely free of charge.
-
I am a private individual with no Enterprise number, how can I register my domain on Safeonweb?
Right now only organisations with an Enterprise Number can register their domain names. The investigation of the possibility to allow private individuals to register their domain names is on our future development roadmap.
-
I represent a non-Belgian organisation with no Belgian Enterprise Number, how can I register my domain name in Safeonweb?
Right now only Belgian organisations or non-Belgian organisation with an Enterprise Number can register their domain names. The investigation of the possibility to allow European organisations to register their domain names is on our future development roadmap.
-
Who is responsible for the Extension and who can I direct my questions to?
The Extension is developed by- and under the responsibility of the Centre for Cybersecurity in Belgium (CCB). The CCB is the national authority for cybersecurity in Belgium. One of the CCB’s missions is to make Belgium one of the most cybersecure countries in Europe. In this regard, the CCB developed the Safeonweb Browser Extension which contributes to this mission by helping citizens and organisations in assessing whether the identity of the website owner has been thoroughly validated or not. Website reliability could result from this.