diff --git a/datasette/templates/index.html b/datasette/templates/index.html
index 3b8568b3..5a8dccae 100644
--- a/datasette/templates/index.html
+++ b/datasette/templates/index.html
@@ -5,7 +5,7 @@
 {% block body_class %}index{% endblock %}
 
 {% block content %}
-<h1>{{ metadata.title or "Datasette" }}</h1>
+<h1>{{ metadata.title or "Datasette" }}{% if private %} 🔒{% endif %}</h1>
 
 {% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}
 
diff --git a/datasette/views/index.py b/datasette/views/index.py
index 0f7fb613..8cbe28f0 100644
--- a/datasette/views/index.py
+++ b/datasette/views/index.py
@@ -121,5 +121,8 @@ class IndexView(BaseView):
                     "databases": databases,
                     "metadata": self.ds.metadata(),
                     "datasette_version": __version__,
+                    "private": not await self.ds.permission_allowed(
+                        None, "view-instance"
+                    ),
                 },
             )
diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index df905aa1..5dcf46ad 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -16,10 +16,16 @@ def test_view_instance(allow, expected_anon, expected_auth):
         ):
             anon_response = client.get(path)
             assert expected_anon == anon_response.status
+            if allow and path == "/" and anon_response.status == 200:
+                # Should be no padlock
+                assert "<h1>Datasette 🔒</h1>" not in anon_response.text
             auth_response = client.get(
                 path, cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")},
             )
             assert expected_auth == auth_response.status
+            # Check for the padlock
+            if allow and path == "/" and expected_anon == 403 and expected_auth == 200:
+                assert "<h1>Datasette 🔒</h1>" in auth_response.text
 
 
 @pytest.mark.parametrize(