For example, here is how the browser looks when we try to log in to an email account at [riseup.net](https://riseup.net/), using their [webmail interface](https://mail.riseup.net/):
Notice the padlock icon on the left of the address bar saying "mail.riseup.net".Notice also the address beginning with "https://" (instead of "http://"). These are the indicators that an encrypted connection using [[!wikipedia HTTPS]] is being used.
When you are sending or retrieving sensitive information (like passwords), you should try to only use services providing HTTPS. Otherwise, it is very easy for an eavesdropper to steal whatever information you are sending, or to modify the content of a page on its way to your browser.
[HTTPS Everywhere](https://www.eff.org/https-everywhere) is a Firefox extension included in <span class="application">Tor Browser</span>. It is produced as a collaboration between [The Tor Project](https://torproject.org/) and the [Electronic Frontier Foundation](https://eff.org/). It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For example, they might default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.
That is why JavaScript is enabled by default but <span class="application">Tor Browser</span> disables all potentially dangerous JavaScript. We consider this as a necessary compromise between security and usability.
You can change the security level of <span class="application">Tor Browser</span> to disable browser features as a trade-off between security and usability. For example, you can set the security level to *Safest* to disable JavaScript completely.
The last relay in the circuit, the one immediately above the destination website, is the *exit relay*. Its country might influence how the website behaves.
