Your browser is automatically tested by CRA's systems before you begin a transaction with us. You should keep your browser and operating system up to date. Your software is now required to support Transport Layer Security (TLS) 1.2. Check with the supplier of your browser and operating system for more details. For more information, go to Upgrading your web browser.

You need to give us two pieces of confidential information before you can use our secure services. These two pieces of identity information are used to create your digital signature. A digital signature is a type of electronic identification that can confirm the identity of the sender of a message, whether the message is encrypted or not. Digital signatures can only be generated by the sender. They can be verified, are tamperproof, cannot be forged or rejected, and ensure that the information contained in the message is not changed during transmission. Make sure that you keep this information and any passwords confidential so that others cannot use your digital signature.

For other electronic services, such as the CRA login services, you can change your password at your convenience on our website.

A good password is made up of letters (a mix of upper and lower cases), numbers, and characters, does not contain names or words found in the dictionary, and cannot be easily guessed.

Anti-virus software scans your computer and email messages for viruses. You have to regularly update your anti-virus software to be able to detect new viruses on your computer. Your anti-virus software helps protect the data stored on your computer and your operating system.

A firewall acts as a barrier between internal and external computers in a network, controlling the flow of information between the two. When a computer outside the firewall tries to communicate with a computer inside, it must first communicate with the firewall, which drops, allows or denies requests before it passes them to the destination computer. This process protects the destination computer from unauthorized access.

Like with many Internet websites, cookies help the CRA to establish a secure session between you and us. Using cookies for this purpose does not put your computer or personal information at risk. We do not store any personal information in the cookies.

A cookie is a computer text file sent to a visitor's web browser (such as Internet Explorer) by a web server (the computer that hosts the website that is being accessed) in order to remember certain pieces of information. This can be useful for both website visitors and website operators because it can reduce the amount of time needed to input and process the same information each time a website is used. Cookies cannot read information from a visitor’s hard drive.

Typically, the information stored in a cookie is:

• a name (chosen by the website you are visiting;
• a value (unique number for the cookie that is determined by and stored by the website for future recognition and action);
• an expiration date;
• a valid path (details about the webpage(s) that the visitor was on when the cookie was sent);
• a valid domain (the name of the website that created and can retrieve the cookie); and
• a secure connection requirement (if the cookie is marked "secure," it will be transmitted only if the visitor is connected to a secure website).

Use of cookies on Government of Canada websites

It is the policy of the Government of Canada to inform you about the presence of cookies and how and when they are used. You will find this information by clicking on the Important Notices link at the bottom of the webpages and then linking to the Privacy Notice.

Your privacy is safeguarded under Canada's Privacy Act.

When you conduct a secure online transaction on the CRA website that requires personal information, we will notify you, and your browser may be asked to accept a cookie. This notification is referred to as a "Privacy Notice Statement" and appears on every part of the website where personal information is requested.

Turning cookies on and off

Most browsers can be set to accept a range of options, from accepting no cookies to accepting only certain types of cookies, to allowing all cookies.

Some browsers can also be configured to alert you before a cookie is placed on your computer and ask if you wish to accept it or not.

To decide how you can enable or disable cookies and activate any special alerts, click on the Help option in your web browser toolbar and search the help index using the word "cookies."

There are also inexpensive software programs available that can help you manage your cookies and enable you to easily turn them on or off and to delete them. These features are often part of software that allows easy and safe deletion of applications and files on your computer.

When you visit a website, it is saved in your computer's memory and your browser's memory in an area called the cache. Your browser will then display the website more quickly the next time you visit because details about its contents, such as images and files, are stored in your cache. Your browser does not need to re-download all of the information about that website.

Information stored in your browser’s cache is not encrypted, so clearing the cache helps to ensure the security of your information.

After you complete a secure session, you should close and reopen your browser to clear your browser’s cache. If you are using Internet Explorer, you should also delete your temporary Internet files, before you close and reopen your browser.

Java applets are little programs that you can download over the Internet that run with your browser software. They are typically used to adapt or add interactive elements to a webpage. We recommend that Java applets be kept on while using CRA services.

JavaScript is a scripting language that works primarily on webpages. The CRA uses JavaScript to detect browser, browser version, and platform. We recommend that JavaScript be kept on while using our web services.

You must subscribe to CRA public key infrastructure (PKI) to get certain CRA PKI services and register for PKI-enabled programs, including Customs Internet Gateway, children's special allowance, National Child Benefit Service and other government-to-government programs, and business-of-government programs.