There are a couple of “ways to use” a site.
If your browser gives you a warning about a site
Leave immediately, don’t go back.
Close the browser tab, and even consider removing that URL from your browser history, so you don’t accidentally go there.
If you get a warning about a site that you know and that used to be good, contact the site owners some other way and alert them that their site very likely got hacked.
To fill out a form on a site
Never fill out a form on a site that doesn’t have an SSL “lock” icon showing in your browser bar. The URL should also show “https” instead of “http”, but beyond that the browser needs to validate that the security certificate is for the site.
Use a “disposable email address”, one that you can delete any time. You might set it up as an “email forwarder”, so you receive the emails from them in your main email account. You can use a Gmail account, only for that purpose, knowing that Gmail is very good at recognizing spam and blocking the spammer for everyone.
I have a general email account for signing up on websites, so the email account I give to friends and family isn’t cluttered with that flood of “one step better than spam” junk emails.
To visit a site, not running any unsafe scripts
For known sites: I set NoScript to always allow scripts from that site.
Use minimal add-ons to your browser. Those shopping “helpers” are not worth the risk; you’ve just given the author a whole lot of information and control.
To visit a site from an email or Facebook or other link
Don’t. Browse to the site by typing the URL into your browser.
The link it “claims” to be could be different than the URL that you are taken to when you click the link. (Web page links consist of “link text” and “link URL”, and the link text can be anything.)
If you right-click on a link (or command-click on OS X) you will get a menu, and from there you can “Copy Link Location”. You can look at the URL in your text editor, and remove unwanted parameters. Parameters on a URL are “the stuff after the question mark”, if the URL has some. Very often you can see the page just fine without all those tracking code parameters.
For any site that is important, make sure you are on the actual site. Call your bank on the phone using the number on your credit card, instead of clicking the link that you “think” is valid, but is actually a site that “looks just like” your bank.
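The link-text versus link-URL check and the parameter clean-up described above, as an added Python example (not part of the original article). The tracking parameter names, the helper names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed tracking-parameter prefixes (not from the page); extend as needed.
TRACKING = ("utm_", "fbclid", "gclid", "mc_eid")

def strip_tracking(url):
    """Drop known tracking parameters; keep everything else in the URL."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not k.lower().startswith(TRACKING)]
    return urlunsplit(parts._replace(query=urlencode(kept)))

def host_of(text):
    """Host if text looks like a URL or bare domain (heuristic), else None."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    return host.removeprefix("www.") or None

class LinkAuditor(HTMLParser):
    """Collect (link text, cleaned link URL, mismatch) for each <a href>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            shown = host_of(text)
            # Mismatch: the text names one host, the URL goes to another.
            mismatch = shown is not None and shown != host_of(self._href)
            self.links.append((text, strip_tracking(self._href), mismatch))
            self._href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.links

# Constructed sample message body (not from the page).
SAMPLE = ('<a href="http://login.example.net/verify?id=7&amp;utm_source=mail">'
          'www.mybank.example</a> <a href="https://news.example.org/story?'
          'page=2&amp;fbclid=abc">story</a>')
```

Calling `audit(SAMPLE)` flags the first link, whose text names one host while the URL points to another, and returns both URLs with the tracking parameters removed.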
To visit a site that you don’t trust but you still want something from them
Visit the site using the Tor browser, which uses multi-hop secure transmission (so your location can’t be tracked) and has all scripts disabled by default (so they can’t run bad scripts when you visit). Don’t fill out any forms or supply any important information about you.
Many common anti-virus programs include browser security. They can alert you if you are browsing to a website that is known to contain malware, and they will disable malware downloaded onto your computer before it infects your computer. Norton, Avast or Panda are good ones; I’m using the free version of Panda on my computer and Avast on my phone.
Don’t give out any information about you that they don’t legitimately need.
Your pizza place needs to deliver to your address, and needs a valid credit card number, but they don’t need to know your mother’s maiden name or your favorite color.
When sites ask you for information about you that they don’t need to know, for example your age/city/phone, lie.
Use your password keeper to keep track of the answer you gave them.
“What street was your first house on?” say “Banana”.
“What is your mother’s maiden name?”, say “Sea of Tranquility” (Apollo 11 lunar landing site).
“What’s your birthday?” Either 7/4/1976 or 1/1/2001.
Use a different password for each and every site. Use a password keeper to generate the passwords and remember them, so you don’t have to remember them. (The hacker who broke into your pizza place knows many people use the same password at all sites, including for their bank.)
I use LastPass; 1Password is also excellent, but not to be confused with OnePassword, which I’ve never used. Keep your passwords, website credentials, software license keys, etc. in the password keeper. All fields are encrypted on your computer before being sent to the company; even if the company gets hacked, all the hacker would get is an encrypted form of your information. Of course, use a very strong password phrase as the master password for your password keeper.